search

twilio-labs / plugin-serverless

Twilio CLI plugin to work with Serverless
MIT License
21 stars 14 forks source link

[Snyk] Fix for 4 vulnerabilities #73

Open twilio-product-security opened 2 years ago

twilio-product-security commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 Yes Proof of Concept
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088		 Yes No Known Exploit
medium severity 490/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @twilio/cli-core The new version differs by 184 commits.
  • ad437be chore(release): set `package.json` to 5.31.0 [skip ci]
  • 3eb6bf3 oaiFeat: Updated api definitions
  • 06e2cb1 feat: Added the github actions to send the slack notifications (#164)
  • ac25774 Resolve sec vulnerability (#166)
  • 188120a chore: [Snyk] Security upgrade @ oclif/plugin-help from 2.2.3 to 3.2.0 (#165)
  • 26e4594 chore(release): set `package.json` to 5.30.0 [skip ci]
  • c297f19 oaiFeat: Updated api definitions
  • 7749030 fix:Added the following changes: (#161)
  • 27bd508 chore: Added changes to use scripts instead of community Github actions (#155)
  • 5367ba5 Fixing the protected branch issue (#158)
  • d454b81 fix: fix naming (#157)
  • 8e5a785 chore(release): set `package.json` to 5.29.0 [skip ci]
  • 906518f fix: Updated api definitions
  • c49a4c8 Fixed the semantic github issue (#156)
  • c098538 Corrected the homebrew inputs for the workflow (#154)
  • 002dd1f feat: Enable GitHub actions. (#150)
  • 5c579b9 Release 5.28.3
  • 6ec8fe8 [Librarian] Regenerated @ 9a313923ef0eae61a7da7210b7d5de59e65a697c
  • cf3f4a0 Release 5.28.2
  • 8beaa37 [Librarian] Regenerated @ fdad267944635962308083659322c23f28226702
  • 56e9cd8 Removed sonar-code scan step
  • 9c0b6eb Created workflow file with dispatch event.
  • 6248e64 Release 5.28.1
  • a47b66a [Librarian] Regenerated @ 480d240ca25b1c4186b4f9485e0f0debf1e14978
See the full diff
Package name: eslint-config-oclif The new version differs by 50 commits.
  • b41e879 chore(release): 3.1.1 [skip ci]
  • 188f803 fix: allow release from main branch
  • d58f559 Update to latest standards (#85)
  • ec95e5d chore: sync dependabot.yml (#81)
  • 849b2b7 build!: require node 12+ (#82)
  • 8ae10c6 Remove Codecov
  • a850bb2 chore(deps): bump eslint-plugin-unicorn from 28.0.2 to 30.0.0 (#67)
  • 799269e chore(deps): bump eslint-config-xo-space from 0.25.0 to 0.27.0 (#63)
  • 2f65616 chore(deps): bump eslint-plugin-mocha from 8.0.0 to 8.1.0 (#64)
  • 93097f3 chore(deps-dev): bump eslint from 7.21.0 to 7.23.0 (#66)
  • af3acef chore(deps-dev): bump eslint from 7.17.0 to 7.21.0 (#61)
  • 3fe82a9 chore(deps): bump eslint-plugin-unicorn from 25.0.1 to 28.0.2 (#62)
  • 130c798 chore(deps-dev): bump eslint from 7.15.0 to 7.17.0 (#57)
  • 4f130cc chore(deps): bump eslint-plugin-unicorn from 21.0.0 to 25.0.1 (#56)
  • ccf8472 chore: sync dependabot.yml (#53)
  • 8202c27 chore(deps-dev): bump eslint from 7.6.0 to 7.15.0 (#52)
  • ad29e51 chore: sync dependabot.yml (#43)
  • 4c2f489 chore(deps): bump eslint-plugin-mocha from 7.0.1 to 8.0.0 (#40)
  • 6c49e07 chore(deps-dev): bump eslint from 7.5.0 to 7.6.0 (#39)
  • 1df696d chore: sync dependabot.yml (#38)
  • d93e12d chore(deps-dev): bump eslint from 7.4.0 to 7.5.0 (#37)
  • eb010e3 chore(deps): bump eslint-plugin-unicorn from 20.1.0 to 21.0.0 (#36)
  • 412a5f7 chore(deps): bump lodash from 4.17.15 to 4.17.19 (#35)
  • a613406 chore(deps-dev): bump eslint from 7.3.1 to 7.4.0 (#34)
See the full diff
Package name: nyc The new version differs by 127 commits.
  • bebf4d6 chore(release): 15.0.0
  • 2931730 chore: Update to final releases of dependencies (#1245)
  • d44ff19 chore: Update node-preload and use process-on-spawn (#1243)
  • 5258e9f feat: Filenames relative to project cwd in coverage reports (#1212)
  • 6039f29 chore: Unpin test-exclude, update to latest pre-releases (#1240)
  • f3c9e6c chore: Temporarily pin test-exclude (#1239)
  • 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (#1232)
  • 7307626 chore: Remove cp-file module (#1230)
  • dfd629d fix: Better error handling for main execution, reporting (#1229)
  • 549c953 chore: Update dependencies, pin find-cache-dir (#1228)
  • a1dee03 chore: Update yargs (#1224)
  • 8078a79 chore: Fix 404 in README.md. (#1220)
  • 7a02cb7 chore: Add enterprise language (#1217)
  • ea94c7f chore: Remove unused functions (#1218)
  • 53c66b9 docs: `npm home nyc` goes to github master branch README (#1201)
  • cf5e5d3 chore: Update dependencies
  • 8411a26 fix: Correct handling of source-maps for pre-instrumented files (#1216)
  • f890360 docs: Fix URL to default excludes in README.md (#1214)
  • 3726bbb chore: Update to async version of istanbul-lib-source-maps (#1199)
  • 0efc6d1 chore: Tweak arguments for async coverage data readers (#1198)
  • cc77e13 chore: Add `use strict` to all except fixtures (#1197)
  • bcbe1df chore: Update dependencies (#1196)
  • 2735ee2 chore: 100% coverage (#1195)
  • fd40d49 feat: Use @ istanbuljs/schema for yargs setup (#1194)
See the full diff
Package name: twilio-run The new version differs by 250 commits.
  • 1695a1d chore(release): publish %s
  • 989307d feat: add support for request headers & cookies (#373)
  • d2321f3 test(runtime-handler): add assets redirect integration test
  • 0d5aab9 fix(twilio-run): fall back to /assets/index.html for root path
  • 54bfeda fix(runtime-handler): fall back to assets/index.html for root path
  • 68232df Update clone command (#364)
  • ae05049 fix(twilio-run): support exact dependency ranges in templates (#370)
  • b5d6771 chore(serverless-runtime-types): release 2.1.2
  • 3007a45 chore(serverless-runtime-types): add bundle to gitignore
  • 7a24b87 feat(serverless-runtime-types): provide bundled type files (#369)
  • 15501ea chore: update dependencies (#359)
  • 5f3d4d8 chore: release pre-release version
  • cd28c72 chore(release): publish %s
  • 67a8fd8 fix(twilio-run): limit json output in deploy command
  • 5a24ed8 feat(twilio-run): add environment sid support
  • 7702dca feat(serverless-api): add support for env SIDs in deploy
  • 86de2ae fix(create-twilio-function): adds rootDir to generated tsconfig.json (#362)
  • 75067a9 feat(twilio-run): updates env list command to use writeJsonOutput function
  • 9476496 test(twilio-run): updates snapshot with help output for output-format
  • 691513b feat(twilio-run): adds json output to twilio-run promote
  • 0342f53 feat(twilio-run): adds json output to twilio-run list
  • d49d7e0 feat(twilio-run): adds json output to twilio-run list-templates
  • 9ae1478 feat(twilio-run): adds json output to twilio-run deploy
  • da33cfb fix(twilio-run): expose env set and import commands (#341)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic