antonbabenko / modules.tf-lambda

Infrastructure as code generator - from visual diagrams created with Cloudcraft.co to Terraform
https://www.cloudcraft.co/
MIT License

[Snyk] Security upgrade serverless from 1.65.0 to 2.0.0 #56

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 616/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF), SNYK-JS-AXIOS-1038255 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: serverless
The new version differs by 250 commits.
  • 9f5a077 refactor(Templates): Upgrade `frameworkVersion`
  • dd3508b chore: Release v2.0.0
  • ff8a548 chore: Bump dependencies
  • e241cc2 test(AWS HTTP API): Fix after drop for timeout support
  • 1cfd1f2 feat(AWS HTTP API): Drop support for `timeout` setting
  • 615b10b test(Packaging): Ensure test is deterministic
  • 1beb8d0 refactor: Replace mkdrip with esnureDir from fs-extra
  • 861686b refactor: Refactor to async/await
  • dfc7839 feat(CLI): Fallback to service local serverless installation by default
  • 0597cfb chore: Upgrade ESLint configuration to support ES2019 syntax
  • 0160e9e chore: Upgrade boxen to v4 (#8163)
  • 7c304df feat(AWS ALB): Remove support for `authorizers[].allowUnauthenticated`
  • 33eef9f feat(CLI): Remove "slss", "serverless" command alias (#8161)
  • 34b64e0 chore: Upgrade @serverless/enterprise-plugin to v4
  • 1db7f43 chore: Upgrade @serverless/components
  • 12b979c test(AWS HTTP API): FIx after default payload mode change
  • 1596738 feat(AWS HTTP API): Switch default payload mode to 2.0 (#8133)
  • 4ceaca0 refactor(CLI): Remove deprecated bin/serverless file (#8142)
  • c620af3 fix(Packaging): Fix resolution of files with '.' In their names (#8130)
  • e131f26 refactor(AWS Lambda): Remove support for async config on destination
  • f9c3077 ci: Fix configuration of integrate job
  • 69dd4b9 feat: Drop support for Node.js versions below v10
  • 28ef7cc docs: Fix typo in the word 'maintenance' in changelog (#8215)
  • 2d403dd chore: Release v1.83.0

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
