antonbabenko / modules.tf-lambda

Infrastructure as code generator - from visual diagrams created with Cloudcraft.co to Terraform
https://www.cloudcraft.co/
MIT License
352 stars 56 forks

[Snyk] Fix for 2 vulnerabilities #58

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | No | Proof of Concept |
| medium severity | 658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: serverless-plugin-thundra
The new version differs by 32 commits.
  • 051394e Bump version to 2.5.7
  • a7b5fba Improve publish flow, skip npm checks, and use default github token (#54)
  • 63ef721 Change node version to 10.x (#53)
  • a4de335 Run linter for node 8.x (#52)
  • 0ba3e4b Bump elliptic from 6.5.3 to 6.5.4 (#51)
  • fe8a2a1 Better release action (#50)
  • d486ffd Bump axios from 0.20.0 to 0.21.1 (#43)
  • b02ef75 Add npm publish action (#48)
  • c8bbe9f Update package.json (#41)
  • 897a65c Update README.md (#44)
  • e5ce9dc Bump ini from 1.3.5 to 1.3.8 (#42)
  • da27004 Bumped version to `2.5.6`
  • 92a5723 Update deprecated dependencies (#40)
  • 467437b Bumped version to `2.5.5`
  • 75380de Supported all Java runtimes instead of only `java8` (#39)
  • fcb492c Bumped version to `2.5.4`
  • d7b44fe Add dotnet runtime support (#37)
  • 68c895e Bumped version to `2.5.3`
  • 79316dc Upgraded default node layer version to `70` (#38)
  • d0c742f Updated `package-lock.json`
  • a6d4744 Fix/log layer error (#36)
  • 3581624 Upgraded default python layer version to `38` (#34)
  • 98a598b Upgraded default java layer version to `56` (#33)
  • 2a19a88 Upgraded default node layer version to `69` (#32)
See the full diff
Package name: snyk
The new version differs by 250 commits.
  • 3f52bdc Merge pull request #1669 from snyk/fix/dont-fail-on-request-big-payload
  • 47e106e fix: don't fail on request's big payload
  • 1228b55 Merge pull request #1624 from snyk/chore/cli-alert-improvement
  • fccd907 Merge pull request #1666 from snyk/chore/bump-cpp-test-timeout
  • 6772a3e Merge pull request #1649 from snyk/chore/deps-update
  • 89a7767 chore: update dependencies
  • eaf4915 test: wrap pagerduty await in try-catch, remove condition
  • 0576431 test: add pagerduty, check if test is running before attempting rerun
  • a08a938 chore: bump flaky cpp test timeout
  • ebb8dd7 Merge pull request #1656 from snyk/feat/protect-prime-time
  • 69cd590 test: fix flakey json output test
  • 3021bb2 Merge pull request #1663 from snyk/fix/upgrade-snyk-gradle-plugin
  • a988600 Merge pull request #1654 from snyk/feat/iac-experimental-terraform-support
  • b455497 feat: iac experimental tf support
  • 4848b7e chore: run tests in packages in CI
  • 3e7e99e feat: implement snyk protect
  • bb233f1 chore: enable prettier formatting in packages
  • fe0183d test: enable jest testing in snyk-protect workspace
  • 40ec817 test: test fixture for snyk protect
  • 7dfd3ea Merge pull request #1661 from snyk/test/fix-flake-with-dev-count-analysis
  • 02c99b8 test: remove tests previously migrated to jest
  • e203fd1 test: set timeout in beforeAll
  • d42f6d9 fix: update snyk-gradle-plugin to 3.13.2
  • 8cd9fbf Merge pull request #1662 from snyk/test/add-longer-timeouts
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic