socket-security[bot]
commented
1 year ago New dependencies detected. Learn more about Socket for GitHub ↗︎
| Packages | Version | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|---|
| contentful | 10.6.5 | environment | +5 |
3.77 MB | contentful-ecosystem |
| @contentful/rich-text-types | 16.3.0 | None | +0 |
147 kB | contentful-ecosystem |
| contentful-management | 10.46.4 | environment | +4 |
9.07 MB | contentful-ecosystem |
| type-fest | 4.6.0 | None | +0 |
296 kB | sindresorhus |
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - packages/contentful-ssg/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **748/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF)
[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: contentful
The new version differs by 250 commits.- d497590 Merge pull request #1967 from contentful/chore/bump-axios-1.x
- 0c420a5 Merge branch 'master' into chore/bump-axios-1.x
- 5462ba0 build(deps): bump type-fest from 4.0.0 to 4.1.0 (#1976)
- f7386ab build(deps-dev): bump core-js from 3.31.1 to 3.32.0 (#1975)
- 0e6f33f build(deps-dev): bump eslint-config-prettier from 8.8.0 to 8.9.0 (#1974)
- 09af8f4 chore: increase max bundle size
- c48c5a9 all scripts working as expected
- 8caf835 feat: bump axios 1.x [NONE]
- 198333a build(deps-dev): bump tslib from 2.6.0 to 2.6.1 (#1971)
- 570804d build(deps): bump contentful-sdk-core from 7.1.0 to 8.1.0 (#1968)
- 0c33234 build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#1966)
- 857d04a build(deps-dev): bump webpack from 5.88.1 to 5.88.2 (#1965)
- 31316a5 build(deps): bump type-fest from 3.13.0 to 4.0.0 (#1962)
- fc966fa Merge pull request #1949 from contentful/fix/validation-message-null-type
- e653e6a fix: allow null type for validation message
- c12397b build(deps-dev): bump nodemon from 2.0.22 to 3.0.1 (#1960)
- bd7e8ff build(deps): bump type-fest from 3.12.0 to 3.13.0 (#1959)
- 53cc6b4 build(deps): bump tough-cookie from 4.0.0 to 4.1.3 (#1958)
- a859a3e build(deps-dev): bump core-js from 3.31.0 to 3.31.1 (#1957)
- 62d476b build(deps-dev): bump semantic-release from 21.0.6 to 21.0.7 (#1954)
- c45fcff fix: downgrade browseslist to support old browsers [PHX-2717] (#1948)
- 03883b4 build(deps-dev): bump ts-loader from 9.4.3 to 9.4.4 (#1952)
- 9c9edd4 build(deps-dev): bump semantic-release from 21.0.5 to 21.0.6 (#1950)
- bd3a5ec build(deps-dev): bump webpack from 5.88.0 to 5.88.1 (#1951)
See the full diffPackage name: contentful-management
The new version differs by 250 commits.- 8280588 feat(deliveryFunctions): Allow CCA to upload delivery functions [MONET-1336] (#1926)
- 48fdbe1 Upgrade to webpack 5 (#1896)
- 357683d build(deps-dev): bump eslint-config-prettier from 8.10.0 to 9.0.0 (#1914)
- 57d5d82 build(deps-dev): bump @ types/node from 20.4.6 to 20.4.8 (#1915)
- f35be80 build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.28.0 (#1908)
- e436087 build(deps-dev): bump eslint-config-prettier from 8.9.0 to 8.10.0 (#1912)
- 8ec45ff build(deps-dev): bump @ types/sinon from 10.0.15 to 10.0.16 (#1910)
- c8f57f9 build(deps-dev): bump @ types/node from 20.4.5 to 20.4.6 (#1911)
- 03c9f40 chore: bump axios to 1.x [PHX-2741] (#1892)
- 5dc5151 build(deps-dev): bump eslint from 8.45.0 to 8.46.0 (#1907)
- a2d1887 build(deps-dev): bump eslint-config-prettier from 8.8.0 to 8.9.0 (#1904)
- 50e32a0 build(deps-dev): bump @ babel/node from 7.22.5 to 7.22.6 (#1905)
- 63cf962 build(deps-dev): bump @ babel/eslint-parser from 7.22.5 to 7.22.9 (#1900)
- 977b159 build(deps-dev): bump @ babel/core from 7.22.5 to 7.22.9 (#1888)
- 4bd26f2 build(deps-dev): bump @ types/lodash from 4.14.192 to 4.14.196 (#1902)
- e3c9748 build(deps-dev): bump nodemon from 2.0.22 to 3.0.1 (#1903)
- 3b81cdf build(deps-dev): bump @ types/node from 20.4.2 to 20.4.5 (#1901)
- 9e12887 build(deps-dev): bump webpack-bundle-analyzer from 4.8.0 to 4.9.0 (#1887)
- d34a771 build(deps): bump type-fest from 3.12.0 to 4.0.0 (#1897)
- 62d0ae9 build(deps-dev): bump @ babel/cli from 7.22.5 to 7.22.9 (#1895)
- 784120b build(deps-dev): bump @ types/node from 20.3.3 to 20.4.2 (#1893)
- 51fcbb6 build(deps-dev): bump mocha-junit-reporter from 2.2.0 to 2.2.1 (#1891)
- c65b1f2 build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (#1890)
- 43d70b4 build(deps-dev): bump @ typescript-eslint/parser from 5.60.1 to 5.62.0 (#1885)
See the full diff