search

twilio-labs / plugin-token

Twilio CLI plugin for generating access tokens for Twilio Chat, Video, etc.
MIT License
5 stars 14 forks source link

[Snyk] Fix for 1 vulnerabilities #55

Open twilio-product-security opened 1 year ago

twilio-product-security commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @twilio/cli-core The new version differs by 27 commits.
  • 23e9e2b chore(release): set `package.json` to 7.6.1 [skip ci]
  • b3d59e9 fix: using npx instead of npm bin (#220)
  • abd04b7 oaiFix: Updated api definitions
  • 71c5a98 chore: update twilio node mvr version (#218)
  • b7f140e chore(release): set `package.json` to 7.6.0 [skip ci]
  • db7f46d oaiFeat: Updated api definitions
  • 72b9240 chore(release): set `package.json` to 7.5.3 [skip ci]
  • e57a2f0 oaiFix: Updated api definitions
  • 3a8570c chore(release): set `package.json` to 7.5.2 [skip ci]
  • 240c1b9 oaiFix: Updated api definitions
  • 783d02a chore(release): set `package.json` to 7.5.1 [skip ci]
  • 8fefe57 oaiFix: Updated api definitions
  • 345d27e chore(release): set `package.json` to 7.5.0 [skip ci]
  • 3e30a0b oaiFeat: Updated api definitions
  • ace9296 chore(release): set `package.json` to 7.4.3 [skip ci]
  • c6b6141 oaiFix: Updated api definitions
  • 2b2fbe6 chore: Update package.json
  • f1aa349 chore(release): set `package.json` to 7.4.2 [skip ci]
  • 1b99ec4 oaiFix: Updated api definitions
  • 75dc153 removing npmPublish changes
  • a60f34d set npmPublish to false
  • 3a055af chore(release): set `package.json` to 7.4.1 [skip ci]
  • 041ac0e oaiFix: Updated api definitions
  • 08cb4e6 chore(release): set `package.json` to 7.4.0 [skip ci]
See the full diff
Package name: eslint The new version differs by 250 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: espree@7.0.0 (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)
See the full diff
Package name: nyc The new version differs by 55 commits.
  • bebf4d6 chore(release): 15.0.0
  • 2931730 chore: Update to final releases of dependencies (#1245)
  • d44ff19 chore: Update node-preload and use process-on-spawn (#1243)
  • 5258e9f feat: Filenames relative to project cwd in coverage reports (#1212)
  • 6039f29 chore: Unpin test-exclude, update to latest pre-releases (#1240)
  • f3c9e6c chore: Temporarily pin test-exclude (#1239)
  • 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (#1232)
  • 7307626 chore: Remove cp-file module (#1230)
  • dfd629d fix: Better error handling for main execution, reporting (#1229)
  • 549c953 chore: Update dependencies, pin find-cache-dir (#1228)
  • a1dee03 chore: Update yargs (#1224)
  • 8078a79 chore: Fix 404 in README.md. (#1220)
  • 7a02cb7 chore: Add enterprise language (#1217)
  • ea94c7f chore: Remove unused functions (#1218)
  • 53c66b9 docs: `npm home nyc` goes to github master branch README (#1201)
  • cf5e5d3 chore: Update dependencies
  • 8411a26 fix: Correct handling of source-maps for pre-instrumented files (#1216)
  • f890360 docs: Fix URL to default excludes in README.md (#1214)
  • 3726bbb chore: Update to async version of istanbul-lib-source-maps (#1199)
  • 0efc6d1 chore: Tweak arguments for async coverage data readers (#1198)
  • cc77e13 chore: Add `use strict` to all except fixtures (#1197)
  • bcbe1df chore: Update dependencies (#1196)
  • 2735ee2 chore: 100% coverage (#1195)
  • fd40d49 feat: Use @ istanbuljs/schema for yargs setup (#1194)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)