Closed noqcks closed 5 months ago
New and removed dependencies detected.
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/serverless@3.38.0 | environment, filesystem, network, shell, unsafe Transitive: eval | +476 | 130 MB | serverless-main |
🚮 Removed packages: npm/serverless@3.33.0
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (4bea779) 88.67% compared to head (6270c9a) 88.67%.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade serverless from 3.33.0 to 3.38.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **48 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2023-11-22.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Cross-site Request Forgery (CSRF) [SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | **462/1000** **Why?** Proof of Concept exploit, CVSS 7.1 | Proof of Concept |
| | Prototype Pollution [SNYK-JS-AXIOS-6144788](https://snyk.io/vuln/SNYK-JS-AXIOS-6144788) | **462/1000** **Why?** Proof of Concept exploit, CVSS 7.1 | No Known Exploit |
| | Improper Input Validation [SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | **462/1000** **Why?** Proof of Concept exploit, CVSS 7.1 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-AXIOS-6124857](https://snyk.io/vuln/SNYK-JS-AXIOS-6124857) | **462/1000** **Why?** Proof of Concept exploit, CVSS 7.1 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: serverless
Maintenance Improvements
- `got` dependency (#12040) (1775c90)

Comparison since last release

Features
- `ruby3.2` runtime (#12004) (0a0a4fc) (Ryan Rickerts)
- `AT_TIMESTAMP` starting position (#12034) (483ea16) (Ben)

Bug Fixes
- `ip` configuration (#11889) (04db0f0) (Inqnuam)
- `DependsOn` from user resources (#12009) (4582913) (Kirill Khoroshilov)

Comparison since last release
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*