search

fp-rap-build / hap

hap-git-main-familypromiseofspokane.vercel.app
4 stars 5 forks source link

[Snyk] Fix for 1 vulnerabilities #568

Open jfuginay opened 10 months ago

jfuginay commented 10 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - services/server/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-AXIOS-6144788](https://snyk.io/vuln/SNYK-JS-AXIOS-6144788) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @sendgrid/mail The new version differs by 9 commits.
  • b1c831f Release 8.0.0
  • 2f56e16 [Librarian] Version Bump
  • dc01933 Add an upgrade guide to main
  • 8a7e4eb feat!: node version upgrade, axios upgrade (#1391)
  • b8125d8 docs: updated the year in the license
  • 7d62da1 docs: Fix broken url on npmjs (#1376)
  • 3bab53b Adding misc as PR type (#1367)
  • 4b0eeda docs: Add use case for substitutions (#1363)
  • 3d8e645 docs: drop references to ISSUE_TEMPLATE.md
See the full diff
Package name: smartystreets-javascript-sdk The new version differs by 89 commits.
  • 4ca49da Merge pull request #77 from smarty/dave/update-sdk
  • 17cfa78 Updates axios, axios-retry, and mocha
  • c0c58d1 Merge pull request #75 from smarty/duncan/update-apis
  • 70015f4 Standardized International Autocomplete, US Autocomplete Pro and US Extract input data population with other APIs.
  • 0f279c4 Merge pull request #71 from smarty/skon/update-international-address-autocomplete
  • ef0f8a2 Changes var from plural to singular
  • 6c78436 Adds support for secret key pairs
  • ebcae11 Renames for clarity
  • fd63dfa Removes all deprecated references
  • 66da064 Changes builder to the deprecated one
  • 9ba087e Adds space
  • fedd19f Updates example file for v2 to match the Java SDK a bit more
  • a388e68 Merge remote-tracking branch 'origin/skon/update-international-address-autocomplete' into skon/update-international-address-autocomplete
  • 8b8a1b8 reverts local environment changes committed by mistake in the example file, improves comments
  • b839614 Merge branch 'skon/update-international-address-autocomplete' of github.com:smarty/smartystreets-javascript-sdk into skon/update-international-address-autocomplete
  • a744a94 removes unnecessary hostname from example file
  • d2e93fa References the addressId property correctly
  • 6c4a9e1 Merge branch 'master' into skon/update-international-address-autocomplete
  • 9ac13d6 Renames to urlParams
  • 800d757 Moved adding the slash to more central location
  • 680063f Merge pull request #72 from smarty/cami/node-versions
  • 9b61bc6 updates to new license value
  • 5d0e350 Updates node versions
  • dd3ac21 creates example for international_address_autocomplete
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/iesous-kurios/project/40faad69-6b25-41aa-af2b-917a09a5a82f?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/iesous-kurios/project/40faad69-6b25-41aa-af2b-917a09a5a82f?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"bca5134a-aa3f-40a3-942a-06c9ee26f5f0","prPublicId":"bca5134a-aa3f-40a3-942a-06c9ee26f5f0","dependencies":[{"name":"@okta/jwt-verifier","from":"2.6.0","to":"3.0.0"},{"name":"@sendgrid/mail","from":"7.7.0","to":"8.0.0"},{"name":"axios","from":"0.21.4","to":"1.6.4"},{"name":"smartystreets-javascript-sdk","from":"1.13.7","to":"4.0.1"}],"packageManager":"npm","projectPublicId":"40faad69-6b25-41aa-af2b-917a09a5a82f","projectUrl":"https://app.snyk.io/org/iesous-kurios/project/40faad69-6b25-41aa-af2b-917a09a5a82f?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-AXIOS-6144788"],"upgrade":["SNYK-JS-AXIOS-6144788"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)
vercel[bot] commented 10 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
hap ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 5, 2024 2:06pm
hapdev ❌ Failed (Inspect) Jan 5, 2024 2:06pm