raindigi / cloudcannon-suite

:couch_and_lamp: An opinionated set of tools to build and maintain static sites
https://suite.cloudcannon.com/
0 stars 0 forks source link

[Snyk] Fix for 2 vulnerabilities #96

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Open Redirect
SNYK-JS-NODEFORGE-2330875
Yes Proof of Concept
medium severity 601/1000
Why? Recently disclosed, Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-NODEFORGE-2331908
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: googleapis The new version differs by 153 commits.
  • 20409df chore: release 49.0.0 (#2022)
  • 7de4e78 chore(deps): update dependency null-loader to v4 (#2044)
  • 340f78d chore(deps): update dependency ts-loader to v7 (#2043)
  • 254f878 chore: remove unused dev packages (#2042)
  • f4eb6e0 chore: update lint ignore files (#2040)
  • 0110f3e docs: update readme for drive readme (#2039)
  • 73d284b fix(deps): update common and auth (#2038)
  • 476b71e test: use discovery docs from fixture (#2037)
  • 3a3b61d build: remove unused codecov config (#2034)
  • fea414a feat!: regenerate the API (#2028)
  • 48a4f05 chore(dep)!: deprecate node 8 (#2021)
  • 99ebacf test: the kitchen sink system test sometimes times out (#2020)
  • 05090da fix: apache license URL (#468) (#2017)
  • d15c656 chore: remove duplicate mocha config (#2016)
  • 874edc3 build: update templates (#2013)
  • dc16586 build: set AUTOSYNTH_MULTIPLE_COMMITS=true for context aware commits (#2012)
  • 741c58b chore: update github actions configuration (#1999)
  • 1fe744b chore(deps): update dependency @ types/rimraf to v3 (#1995)
  • 5512eb5 chore(deps): update dependency typedoc to ^0.17.0 (#1993)
  • 0a4db38 chore: release 48.0.0 (#1979)
  • 074f641 fix: allow an empty requestBody to be provided for APIs that support multipart post (#1988)
  • 8bcb212 feat!: run the generator (adds: displayvideo, gamesConfiguration, managedidentities, networkmanagement) (#1989)
  • 8677588 build(tests): fix coveralls and enable build cop (#1982)
  • 0679c78 build: update linkinator config (#1981)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic