CLAassistant
commented
2 years ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - external/keepers/package.json - external/keepers/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000****Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-AXIOS-1579269](https://snyk.io/vuln/SNYK-JS-AXIOS-1579269) | No | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ETHERS-1586048](https://snyk.io/vuln/SNYK-JS-ETHERS-1586048) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: axios
The new version differs by 41 commits.- e367be5 [Releasing] 0.21.3
- 83ae383 Correctly add response interceptors to interceptor chain (#4013)
- c0c8761 [Updating] changelog to include links to issues and contributors
- 619bb46 [Releasing] v0.21.2
- 82c9455 Create SECURITY.md (#3981)
- 5b45711 Security fix for ReDoS (#3980)
- 5bc9ea2 Update ECOSYSTEM.md (#3817)
- e72813a Fixing README.md (#3818)
- e10a027 Fix README typo under Request Config (#3825)
- e091491 Update README.md (#3936)
- b42fbad Removed un-needed bracket
- 520c8dc Updating CI status badge (#3953)
- 4fbeecb Adding CI on Github Actions. (#3938)
- e9965bf Fixing the sauce labs tests (#3813)
- dbc634c Remove charset in tests (#3807)
- 3958e9f Add explanation of cancel token (#3803)
- 69949a6 Adding custom return type support to interceptor (#3783)
- 49509f6 Create FUNDING.yml (#3796)
- 199c8aa Adding parseInt to config.timeout (#3781)
- 94fc4ea Adding isAxiosError typeguard documentation (#3767)
- 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
- a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
- 59fa614 [Updated] follow-redirects to the latest version (#3771)
- 7821ed2 Feat/json improvements (#3763)
See the full diffPackage name: ethers
The new version differs by 13 commits.- 4166b27 Updated dist files.
- 32a6b2a Fix parseUints with excess zeros and fix ReDoS issue (#2016, #1975, #1976).
- f2a32d0 docs: added provider.FeeData
- 5762a1f updated dist files.
- 8320d53 Temporarily remove the block miner for clique-based networks from CI testing (#1967).
- c41b89a updated dist files.
- b6a061e More readable errors involving Uint8Arrays.
- a662490 Added Deferred Error support to Description objects to extent Interface parse methods (#1894).
- bdb54ac docs: added cookbook entry to compute raw transaction (#1857).
- 32a90b6 docs: added Alchemy tutorial
- 95b87f6 docs: added BigNumber.toBigInt (#1799).
- 017b1fe Fix address coder to prepare non-hexdatastring addresses as hexdatastring (#1906).
- accb852 Removed temporary code for better errors needed until Alchemy added EIP-1559 support (#1893).
See the full diff