[Snyk] Upgrade request-promise from 4.2.2 to 4.2.6

Snyk has created this PR to upgrade request-promise from 4.2.2 to 4.2.6.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 4 versions ahead of your current version.
The recommended version was released 2 years ago, on 2020-07-22.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-LODASH-73638	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: request-promise

4.2.6 - 2020-07-22
Version 4.2.6
4.2.5 - 2019-11-04
No content.
4.2.4 - 2019-02-15
No content.
4.2.3 - 2019-02-15
No content.
4.2.2 - 2017-09-22
No content.

from request-promise GitHub release notes

Commit messages

Package name: request-promise

4bc186d Version 4.2.6
4c7d51d chore: bumped request-promise-core due to security vulnerability of lodash
f364ee4 docs: reference to request deprecation and alternative libs
873d156 Merge pull request #341 from shisama/patch-1
052331d docs: deprecate this package
b4dafe4 docs: fixed link
fd52247 Version 4.2.5
a27ba86 chore: updated request-promise-core that updates lodash
4e3b7ed Version 4.2.4
94be6fe fix: tough-cookie version
03f7030 chore: updated publish-please config
d831905 Version 4.2.3 (now really)
37e8773 fix: updated indirect lodash dependency to fix security vulnerability
229225e Version 4.2.3
4f27097 chore: fix ci build for node v8+
c535eb6 Merge pull request #299 from aomdoa/fixToughCookieDep
488947b Merge branch 'master' into fixToughCookieDep
131abd7 fix: breaking change in tough-cookie v3
b454ddc chore: added node 8 and 10 to ci build
6d11ddc fix: typo
3a136ea Merge pull request #303 from lexjacobs/patch-1
5e32191 docs: mention of wrapped request errors
2ac4f3e Update rp.js
1457338 Workaround on the cookie processing test.

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

trasherdk / monero-nodejs

[Snyk] Upgrade request-promise from 4.2.2 to 4.2.6 #6

Snyk has created this PR to upgrade request-promise from 4.2.2 to 4.2.6.