search

twilio-labs / plugin-token

Twilio CLI plugin for generating access tokens for Twilio Chat, Video, etc.
MIT License
5 stars 14 forks source link

[Snyk] Security upgrade @twilio/cli-core from 7.2.1 to 7.6.1 #51

Open twilio-product-security opened 1 year ago

twilio-product-security commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 534/1000
Why? Has a fix available, CVSS 6.4		 Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022		 No No Known Exploit
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024		 No No Known Exploit
medium severity 554/1000
Why? Has a fix available, CVSS 6.8		 Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @twilio/cli-core The new version differs by 27 commits.
  • 23e9e2b chore(release): set `package.json` to 7.6.1 [skip ci]
  • b3d59e9 fix: using npx instead of npm bin (#220)
  • abd04b7 oaiFix: Updated api definitions
  • 71c5a98 chore: update twilio node mvr version (#218)
  • b7f140e chore(release): set `package.json` to 7.6.0 [skip ci]
  • db7f46d oaiFeat: Updated api definitions
  • 72b9240 chore(release): set `package.json` to 7.5.3 [skip ci]
  • e57a2f0 oaiFix: Updated api definitions
  • 3a8570c chore(release): set `package.json` to 7.5.2 [skip ci]
  • 240c1b9 oaiFix: Updated api definitions
  • 783d02a chore(release): set `package.json` to 7.5.1 [skip ci]
  • 8fefe57 oaiFix: Updated api definitions
  • 345d27e chore(release): set `package.json` to 7.5.0 [skip ci]
  • 3e30a0b oaiFeat: Updated api definitions
  • ace9296 chore(release): set `package.json` to 7.4.3 [skip ci]
  • c6b6141 oaiFix: Updated api definitions
  • 2b2fbe6 chore: Update package.json
  • f1aa349 chore(release): set `package.json` to 7.4.2 [skip ci]
  • 1b99ec4 oaiFix: Updated api definitions
  • 75dc153 removing npmPublish changes
  • a60f34d set npmPublish to false
  • 3a055af chore(release): set `package.json` to 7.4.1 [skip ci]
  • 041ac0e oaiFix: Updated api definitions
  • 08cb4e6 chore(release): set `package.json` to 7.4.0 [skip ci]
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Use of a Broken or Risky Cryptographic Algorithm