[Snyk] Security upgrade matrix-appservice-bridge from 3.2.0 to 5.0.0 - Githubissues

geluk / matrix-webhook-gateway

Webhook gateway for Matrix / Synapse. Create and manage webhooks in Matrix channels for multiple services.

MIT License

18 stars 4 forks source link

[Snyk] Security upgrade matrix-appservice-bridge from 3.2.0 to 5.0.0 #74

Closed snyk-bot closed 1 year ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	716/1000 Why? Recently disclosed, Has a fix available, CVSS 8.6	Key Exchange without Entity Authentication SNYK-JS-MATRIXJSSDK-3035643	Yes	No Known Exploit
	716/1000 Why? Recently disclosed, Has a fix available, CVSS 8.6	Authentication Bypass SNYK-JS-MATRIXJSSDK-3035652	Yes	No Known Exploit
	581/1000 Why? Recently disclosed, Has a fix available, CVSS 5.9	Key Exchange without Entity Authentication SNYK-JS-MATRIXJSSDK-3035765	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: matrix-appservice-bridge

The new version differs by 108 commits.

610d09e 5.0.0
3dceff7 Update matrix-bot-sdk and other packages (#415)
fe54a32 Update matrix-appservice to 1.0.0 (#423)
4fd4b7e Create CODEOWNERS (#424)
6ef3891 Merge branch 'release-4.0.2' into develop
bfc1a0e 4.0.2
79a8d96 changelog
620a53a Pin to matrix-bot-sdk@0.6.0-beta.2
d3c4a66 Bump moment from 2.29.3 to 2.29.4 in /examples/encryption (#419)
b4e4296 Bump moment from 2.29.3 to 2.29.4 in /examples/slack-starter (#418)
e84e6ff Bump moment from 2.29.2 to 2.29.4 (#417)
de0671c Pin to matrix-bot-sdk@0.6.0-beta.2 (#416)
b5e4c3e Account for the port specifier at the end of server names (#414)
7e66bbb Update newsfragment project name (#411)
a2fa3d9 Bump simple-get from 3.1.0 to 3.1.1 (#402)
f5dba5a Bump follow-redirects from 1.14.4 to 1.15.0 (#403)
9b1c750 Remove option to disable authentication of the 3pid endpoints (#409)
c555376 Merge pull request #404 from matrix-org/hs/contributing
f31e556 Update CONTRIBUTING.md
3b5b003 nitpicks
cc5b28c changelog
8d8c79e Merge pull request #406 from abbyck/fix-docs
a236e1d Fix doc generation on release
94d68b5 Line length

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.