hirosystems / stacks-blockchain-api

API for the Stacks blockchain
https://stacks-blockchain-api.vercel.app
GNU General Public License v3.0
178 stars 115 forks

[Snyk] Security upgrade http-proxy-middleware from 2.0.1 to 2.0.7 #2129

Closed CharlieC3 closed 3 weeks ago

CharlieC3 commented 1 month ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 828/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7 | Denial of Service (DoS), SNYK-JS-HTTPPROXYMIDDLEWARE-8229906 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: http-proxy-middleware

The new version differs by 37 commits.
  • 1e92339 ci(github-actions): fix npm tag
  • 90afb7c chore(package): v2.0.7
  • 0b4274e fix(filter): handle errors
  • 1bd6dd5 ci(github actions): add publish.yml
  • c08cb1e chore(package): v2.0.6 (#764)
  • 3f48d50 fix(proxyReqWs): catch socket errors
  • f64c994 chore(package): v2.0.5
  • bd15913 fix(error handler): add default handler to econnreset
  • 4baae76 chore(package): v2.0.4 (#729)
  • 68bc6d7 fix(fix-request-body): improve content type check (#725)
  • e9e25ca docs(response-interceptor.md): add headers modification example (#724)
  • 2d6741a chore(vscode): add recommended extensions (#715)
  • 7f99ed1 chore(package): bump dev dependencies (#714)
  • cb46628 chore(package): v2.0.3
  • fbafdb4 feat(package): optional @types/express peer dependency
  • d762398 chore(package): v2.0.2
  • 7cfb81e chore(deps): update @types/http-proxy to 1.17.8
  • 2bddd38 fix(fixRequestBody): fix request body for empty JSON object requests (#640)
  • 6b5d7a8 fix(types): fix type regression
  • aaa15a9 chore(package): bump dev dependencies (#699)
  • 1e91fd3 chore(github): bug template improvements (#698)
  • e2b4e30 chore: fix github templates (#697)
  • 92f75c4 build: spellchecker (#689)
  • 6ca729e build(eslint): disable @typescript-eslint/no-explicit-any

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
github-actions[bot] commented 1 month ago

Vercel deployment URL: https://stacks-blockchain-rg0a9068m-hirosystems.vercel.app :rocket:

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

smcclellan commented 3 weeks ago

This is not used in any public-facing code. Will merge anyway but not high priority.

blockstack-devops commented 3 weeks ago

:tada: This PR is included in version 8.2.1-beta.1 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

blockstack-devops commented 3 weeks ago

:tada: This PR is included in version 8.2.1 :tada:

The release is available on:

Your semantic-release bot :package::rocket: