htilly / zenmusic

Slack / Sonos / Spotify / Node.js - Control Sonos through #Slack
125 stars 36 forks source link

[Snyk] Security upgrade sonos from 1.14.0 to 1.14.1 #58

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sonos The new version differs by 15 commits.
  • 010dafe Merge pull request #508 from svrooij/bugfixes-2021-03
  • b499043 fix: Support for regular spotify playlists
  • 7170293 fix: Stop encoding search term for shares.
  • 5638947 fix Add AlbumArtist to DIDL parsing
  • 336497e chore: Launch config to start examples in VSCode
  • 5d15391 docs: Sample in readme updated
  • 636cd4e chore: Package update
  • 16c64e1 chore(deps): bump ini from 1.3.5 to 1.3.7
  • f4d9110 chore(deps): bump axios from 0.19.0 to 0.21.1
  • 04abbdc Merge pull request #491 from svrooij/documentation
  • e9c74c9 ci: Remove Travis in favour of GitHub Actions (#492)
  • 29a09de chore: Fixed some typ-o
  • 0ba85a5 chore(deps-dev): bump semantic-release from 15.13.24 to 17.2.3
  • 0df39c7 docs: Added discord links
  • 6591b2b chore(deps): bump node-fetch from 2.6.0 to 2.6.1
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic