search

noqcks / pull-request-size

Applies labels to Pull Requests based on the total lines of code changed.
https://github.com/marketplace/pull-request-size
MIT License
157 stars 40 forks source link

[Snyk] Upgrade serverless from 3.33.0 to 3.38.0 #142

Closed noqcks closed 5 months ago

noqcks commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade serverless from 3.33.0 to 3.38.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **48 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2023-11-22. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Cross-site Request Forgery (CSRF)
[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | **462/1000**
**Why?** Proof of Concept exploit, CVSS 7.1 | Proof of Concept | Prototype Pollution
[SNYK-JS-AXIOS-6144788](https://snyk.io/vuln/SNYK-JS-AXIOS-6144788) | **462/1000**
**Why?** Proof of Concept exploit, CVSS 7.1 | No Known Exploit | Improper Input Validation
[SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | **462/1000**
**Why?** Proof of Concept exploit, CVSS 7.1 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-AXIOS-6124857](https://snyk.io/vuln/SNYK-JS-AXIOS-6124857) | **462/1000**
**Why?** Proof of Concept exploit, CVSS 7.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: serverless from serverless GitHub release notes
Commit messages
Package name: serverless
  • ee7fe48 chore: Release 3.38.0 (#12268)
  • 6cdf14e feat: Add support for provided.al2023 runtime (#12263)
  • cd031b9 chore: Release 3.37.0 (#12262)
  • b21afaf fix: Update pkg config to include axios cjs (#12261)
  • 10980b9 fix: bump platform-client version for axios (#12260)
  • f3f0af8 feat: Add support for nodejs20.x runtime (#12251)
  • bf04146 chore: Release v3.36.0 (#12223)
  • 77a689a docs: Add Dashboard docs on source maps (#12220)
  • 3fc7f4e chore: Bump @ serverless/dashboard-plugin (#12222)
  • f22354e docs: Add details on trace sampling (#12184)
  • ad8bbf1 fix: Improve dashboard documentation
  • 8f266af fix: Fix menu for dashboard documentation
  • f67df7f fix: Improve dashboard documentation
  • bb4d7c8 fix: Dashboard documentation improvements
  • f1fa19c fix: Minor dashboard doc improvements (#12177)
  • eb462ed feat: Improved dashboard documentation and gitignore (#12176)
  • c5b6e41 docs: Minor updates for Dashboard V.2 (#12170)
  • 8292d7c chore: Remove Console related display methods (#12168)
  • b1def20 chore: Release v3.35.2 (#12164)
  • 7f5736c chore: Bump @ serverless/dashboard-plugin (#12163)
  • 101ce53 fix: Adjust copy for clarity (#12162)
  • ee89ebe chore: Release v3.35.1 (#12161)
  • 1f8d786 fix: Do not use isDashboard in onboarding flow (#12160)
  • 737bc1e chore: Release v3.35.0 (#12159)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/benji-or7/project/160be9c9-3a12-4b96-8b92-7d2a121c9c1a?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/benji-or7/project/160be9c9-3a12-4b96-8b92-7d2a121c9c1a/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/benji-or7/project/160be9c9-3a12-4b96-8b92-7d2a121c9c1a/settings/integration?pkg=serverless&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
socket-security[bot] commented 7 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/serverless@3.38.0 environment, filesystem, network, shell, unsafe Transitive: eval +476 130 MB serverless-main

🚮 Removed packages: npm/serverless@3.33.0

View full report↗︎

codecov[bot] commented 7 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (4bea779) 88.67% compared to head (6270c9a) 88.67%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #142 +/- ## ======================================= Coverage 88.67% 88.67% ======================================= Files 8 8 Lines 256 256 Branches 33 33 ======================================= Hits 227 227 Misses 27 27 Partials 2 2 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.