New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade nock from 1.9.0 to 8.0.0 #12

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-62608b9c1d4450db430dc5bf5b9f0237

snyk-bot commented Jan 6, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nock

The new version differs by 250 commits.

c7b156a v8.0.0
43e9b2f added missing dep
1735038 Merge branch 'greenkeeper-request-2.70.0'
568cd04 Merge branch 'master' into greenkeeper-request-2.70.0
ca251b3 making the latest version of lodash work
6d997a6 Merge pull request #521 from node-nock/greenkeeper-update-all
149d7ab fixes for latest tap version
361dc21 chore(package): update request to version 2.70.0
d4877f7 chore(package): update dependencies
5d8e77d v7.7.3
9684dc6 Merge pull request #520 from ericsaboia/master
2834178 properly remove interceptor with regex domain from the list after used
3ce48c9 Merge pull request #519 from Byron-TW/patch-1
35e4f4f Fix typo
842ecfc changelog update
646dfd2 v7.7.2
d8bbaab v7.7.1
b40d53a Merge branch 'master' of github.com:node-nock/nock
bc95ed6 v7.7.0
29af0e6 Merge pull request #514 from kevinburkeshyp/fix-req-no-match
3d08263 Merge pull request #512 from kevinburkeshyp/fix-typo
e4d7433 browserify bundle update
4aae26b request abort destroys socket. fixes #511
37d10ab Fix nock.emitter.on('no match') undefined argument

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json to reduce vulnerabilities

4d481e9

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:lodash:20180130

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet