twilio-labs / actions-sms

Send an SMS through GitHub Actions
MIT License
150 stars 40 forks source link

[Snyk] Security upgrade twilio from 3.34.0 to 4.0.0 #53

Closed twilio-product-security closed 1 year ago

twilio-product-security commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 599/1000
Why? Has a fix available, CVSS 7.7
Improper Input Validation
SNYK-JS-JSONWEBTOKEN-3180020
Yes No Known Exploit
medium severity 534/1000
Why? Has a fix available, CVSS 6.4
Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022
Yes No Known Exploit
medium severity 539/1000
Why? Has a fix available, CVSS 6.5
Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024
Yes No Known Exploit
medium severity 554/1000
Why? Has a fix available, CVSS 6.8
Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: twilio The new version differs by 250 commits.
  • ccbb504 Release 4.0.0
  • 32a9a06 [Librarian] Regenerated @ a72b955e51d75514f3c944c81b9db17278cfad69
  • 3e712b0 fix: remove Flex shortcuts for removed APIs (#902)
  • 21ad190 docs: update link to exceptions example for 4.x release (#901)
  • 449f5b2 docs: use long property descriptions if available (#899)
  • 8da34f6 docs: add relevant Refer/Say/ssml links to upgrade guide; formatting (#895)
  • 3c68014 fix: use break() for method names rather than break_() (#897)
  • 6dff2f9 chore: readd ts tests to test rule (#888)
  • b471067 feat!: Merge branch '4.0.0-rc' to main (#883)
  • d9244e3 Release 3.84.1
  • c0e0b62 [Librarian] Regenerated @ 82775d167bff9b55d1399fe288c2934a02411e8c
  • fafd110 docs: updated the year in the license
  • cb21935 test: bypass audit failures until v4 release (#848)
  • b2a3738 Release 3.84.0
  • b1d283a [Librarian] Regenerated @ 964f1611ab7481d828261f49551385a276499e30
  • 08d60d4 docs: add commands to install release candidates (#821)
  • ad711a4 Release 3.83.4
  • b4d67a4 [Librarian] Regenerated @ 262cdcd92a729094d792ceac9c0d3fcf895fea3d
  • 0810481 Release 3.83.3
  • 860f240 [Librarian] Regenerated @ 2df4ac3e3d4eef8966d6e3125164dfe43634b9d7
  • 096cf01 chore: upgrade GitHub Actions dependencies (#823)
  • 44409a3 docs: update the year in the license
  • 9bef73e Release 3.83.2
  • 92974a5 [Librarian] Regenerated @ 18375def60d612c8e8bd57ea6e45050211ba4c08
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm