search

twilio / twilio-cli

Unleash the power of Twilio from your command prompt
MIT License
161 stars 79 forks source link

[Snyk] Fix for 1 vulnerabilities #566

Open twilio-product-security opened 8 months ago

twilio-product-security commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-AXIOS-6144788](https://snyk.io/vuln/SNYK-JS-AXIOS-6144788) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @sendgrid/mail The new version differs by 9 commits.
  • b1c831f Release 8.0.0
  • 2f56e16 [Librarian] Version Bump
  • dc01933 Add an upgrade guide to main
  • 8a7e4eb feat!: node version upgrade, axios upgrade (#1391)
  • b8125d8 docs: updated the year in the license
  • 7d62da1 docs: Fix broken url on npmjs (#1376)
  • 3bab53b Adding misc as PR type (#1367)
  • 4b0eeda docs: Add use case for substitutions (#1363)
  • 3d8e645 docs: drop references to ISSUE_TEMPLATE.md
See the full diff
Package name: twilio The new version differs by 52 commits.
  • 2a51f83 Release 4.19.3
  • 90208b3 [Librarian] Regenerated @ 437c39e3f150e78058f5afb3ef0672e89fc59ec0
  • 00e852f Release 4.19.2
  • 5a3916d [Librarian] Regenerated @ 24dcf52b3ba6769ea21d08329aa544a79742b6c2
  • ce0804c chore: Removing Test Related To Deprecated Endpoint - OAuth (#963)
  • 23eca56 chore: twilio help changes (#958)
  • a981eb0 chore: Update axios to 1.6 to pull in fix for CVE 2023 45857 (#971)
  • e7bbeb1 chore: Removed LTS version (#978)
  • 1f6d8eb Release 4.19.1
  • 31e0189 [Librarian] Regenerated @ 5eb406c4977c9f6976e6053cb5b581056f541a59
  • de63541 Release 4.19.0
  • b86e2e0 [Librarian] Regenerated @ 922c1fef02b8c8fbbbe2315aa9b9d1dba49f3fc0
  • ed8ad97 chore: upgraded semver versions (#966)
  • 75361b2 chore: added feature request issue template (#964)
  • a23ee16 Release 4.18.1
  • 0ccd7ca [Librarian] Regenerated @ a25fe2e20ee404d8f8642d6e5acceff276916c9e
  • 316114b fix: update security method validatessl (#961)
  • 392fedd Release 4.18.0
  • 4af092a [Librarian] Regenerated @ c9ac9b9736431d573d8dec29ad3095eee969cdea
  • b39e374 Release 4.17.0
  • 8c2edfc [Librarian] Regenerated @ b32d3e1eba2177c81eeca51181f67e618fe86dbe
  • 7203ad0 Release 4.16.0
  • b4e6952 [Librarian] Regenerated @ 38fb28edc02f73b8635b45a5612c5ae33eab39fe
  • 70bc328 Release 4.15.0
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/twilio-47w/project/bcdaa192-bf05-42ef-8afd-8ba39df0db5e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/twilio-47w/project/bcdaa192-bf05-42ef-8afd-8ba39df0db5e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"f7274a4a-e751-4fa0-b7e4-518c520edd7e","prPublicId":"f7274a4a-e751-4fa0-b7e4-518c520edd7e","dependencies":[{"name":"@sendgrid/mail","from":"7.7.0","to":"8.0.0"},{"name":"twilio","from":"4.8.0","to":"4.19.3"}],"packageManager":"npm","projectPublicId":"bcdaa192-bf05-42ef-8afd-8ba39df0db5e","projectUrl":"https://app.snyk.io/org/twilio-47w/project/bcdaa192-bf05-42ef-8afd-8ba39df0db5e?utm_source=github-enterprise&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-AXIOS-6144788"],"upgrade":["SNYK-JS-AXIOS-6144788"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)
sonarcloud[bot] commented 8 months ago

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud