Open rkazakov opened 9 months ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/snyk@1.996.0 | None | 0 | 41.6 MB | snyk-admin |
🚮 Removed packages: npm/@snyk/dep-graph@1.1.2, npm/@snyk/gemfile@1.1.0, npm/@yarnpkg/lockfile@1.1.0, npm/abbrev@1.1.1, npm/agent-base@4.2.1, npm/ansi-align@2.0.0, npm/ansicolors@0.3.2, npm/archy@1.0.0, npm/asap@2.0.6, npm/ast-types@0.11.7, npm/boxen@1.3.0, npm/bytes@3.0.0, npm/capture-stack-trace@1.0.1, npm/chardet@0.4.2, npm/cli-boxes@1.0.0, npm/clone-deep@0.3.0, npm/configstore@3.1.2, npm/create-error-class@3.0.2, npm/crypto-random-string@1.0.0, npm/data-uri-to-buffer@1.2.0, npm/deep-extend@0.6.0, npm/degenerator@1.0.4, npm/depd@1.1.2, npm/dockerfile-ast@0.0.12, npm/dot-prop@4.2.0, npm/duplexer3@0.1.4, npm/email-validator@2.0.4, npm/es6-promise@4.2.5, npm/es6-promisify@5.0.0, npm/external-editor@2.2.0, npm/file-uri-to-path@1.0.0, npm/ftp@0.3.10, npm/get-uri@2.0.2, npm/global-dirs@0.1.1, npm/got@6.7.1, npm/graphlib@2.1.7, npm/hasbin@1.2.3, npm/http-errors@1.6.3, npm/http-proxy-agent@2.1.0, npm/https-proxy-agent@2.2.1, npm/iconv-lite@0.4.23, npm/immediate@3.0.6, npm/import-lazy@2.1.0, npm/ini@1.3.5, npm/inquirer@3.3.0, npm/ip@1.1.5, npm/is-installed-globally@0.1.0, npm/is-npm@1.0.0, npm/is-obj@1.0.1, npm/is-path-inside@1.0.1, npm/is-redirect@1.0.0, npm/is-retry-allowed@1.1.0, npm/is-wsl@1.1.0, npm/jszip@3.1.5, npm/latest-version@3.1.0, npm/lie@3.1.1, npm/lodash.assign@4.2.0, npm/lodash.assignin@4.2.0, npm/lodash.clone@4.5.0, npm/lodash.clonedeep@4.5.0, npm/lodash.flatten@4.4.0, npm/lodash.get@4.4.2, npm/lodash.set@4.3.2, npm/lowercase-keys@1.0.1, npm/macos-release@1.1.0, npm/make-dir@1.3.0, npm/mixin-object@2.0.1, npm/nconf@0.10.0, npm/needle@2.2.4, npm/netmask@1.0.6, npm/opn@5.4.0, npm/os-name@2.0.1, npm/pac-proxy-agent@2.0.2, npm/pac-resolver@3.0.0, npm/package-json@4.0.1, npm/pako@1.0.7, npm/path@0.12.7, npm/prepend-http@1.0.4, npm/process@0.11.10, npm/promise@7.3.1, npm/proxy-agent@2.3.1, npm/proxy-from-env@1.0.0, npm/raw-body@2.3.3, npm/rc@1.2.8, npm/recursive-readdir@2.2.2, npm/registry-auth-token@3.3.2, npm/registry-url@3.1.0, npm/rx-lite-aggregates@4.0.8, 
npm/rx-lite@4.0.8, npm/secure-keys@1.0.0, npm/semver-diff@2.1.0, npm/setprototypeof@1.1.0, npm/shallow-clone@0.1.2, npm/smart-buffer@1.1.15, npm/snyk-config@2.2.0, npm/snyk-docker-plugin@1.14.0, npm/snyk-go-plugin@1.6.1, npm/snyk-gradle-plugin@2.1.2, npm/snyk-module@1.9.1, npm/snyk-mvn-plugin@2.0.1, npm/snyk-nodejs-lockfile-parser@1.10.1, npm/snyk-nuget-plugin@1.6.5, npm/snyk-php-plugin@1.5.1, npm/snyk-policy@1.13.3, npm/snyk-python-plugin@1.9.1, npm/snyk-resolve-deps@4.0.2, npm/snyk-resolve@1.0.1, npm/snyk-sbt-plugin@2.0.1, npm/snyk-tree@1.0.0, npm/snyk-try-require@1.3.1, npm/snyk@1.120.1, npm/socks-proxy-agent@3.0.1, npm/socks@1.1.10, npm/statuses@1.5.0, npm/temp-dir@1.0.0, npm/tempfile@2.0.0, npm/term-size@1.2.0, npm/then-fs@2.0.0, npm/thunkify@2.1.2, npm/timed-out@4.0.1, npm/toml@2.3.5, npm/undefsafe@2.0.2, npm/unique-string@1.0.0, npm/unpipe@1.0.0, npm/unzip-response@2.0.1, npm/update-notifier@2.5.0, npm/url-parse-lax@1.0.0, npm/util@0.10.4, npm/vscode-languageserver-types@3.14.0, npm/widest-line@2.0.1, npm/win-release@1.1.1, npm/xdg-basedir@3.0.0, npm/xml2js@0.4.19, npm/xmlbuilder@9.0.7, npm/xregexp@2.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json
    - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **823/1000** <br/> **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 | Server-side Request Forgery (SSRF) <br/> [SNYK-JS-IP-6240864](https://snyk.io/vuln/SNYK-JS-IP-6240864) | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/rkazakov/project/c66fccb6-b70f-4970-b97e-83674a756d85?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/rkazakov/project/c66fccb6-b70f-4970-b97e-83674a756d85?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: # (snyk:metadata:{"prId":"a3f5fb9e-a76b-4632-bc6a-1d3562429e79","prPublicId":"a3f5fb9e-a76b-4632-bc6a-1d3562429e79","dependencies":[{"name":"snyk","from":"1.120.1","to":"1.996.0"}],"packageManager":"npm","projectPublicId":"c66fccb6-b70f-4970-b97e-83674a756d85","projectUrl":"https://app.snyk.io/org/rkazakov/project/c66fccb6-b70f-4970-b97e-83674a756d85?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-IP-6240864"],"upgrade":["SNYK-JS-IP-6240864"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[823],"remediationStrategy":"vuln"})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Server-side Request Forgery (SSRF)](https://learn.snyk.io/lesson/ssrf-server-side-request-forgery/?loc=fix-pr)