Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: chokidar, colors, connect, event-stream, faye-websocket, http-auth, http-proxy, morgan, send #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade: chokidar, colors, connect, event-stream, faye-websocket, http-auth, http-proxy, morgan, send #12

wants to merge 1 commit into from

Conversation

Exkaleburx
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

chokidar
from 2.1.5 to 2.1.8 | 2 versions ahead of your current version | 5 years ago
on 2019-08-21
colors
from 1.3.3 to 1.4.0 | 1 version ahead of your current version | 5 years ago
on 2019-09-22
connect
from 3.6.6 to 3.7.0 | 1 version ahead of your current version | 5 years ago
on 2019-05-18
event-stream
from 3.3.4 to 3.3.5 | 1 version ahead of your current version | 6 years ago
on 2018-09-05
faye-websocket
from 0.11.1 to 0.11.4 | 2 versions ahead of your current version | 3 years ago
on 2021-05-24
http-auth
from 3.1.3 to 3.2.4 | 2 versions ahead of your current version | 5 years ago
on 2019-10-02
http-proxy
from 1.17.0 to 1.18.1 | 2 versions ahead of your current version | 4 years ago
on 2020-05-17
morgan
from 1.9.1 to 1.10.0 | 1 version ahead of your current version | 4 years ago
on 2020-03-20
send
from 0.17.1 to 0.18.0 | 2 versions ahead of your current version | 2 years ago
on 2022-03-24

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
critical severity Authentication Bypass
SNYK-JS-HTTPAUTH-471683		 669 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JS-HTTPPROXY-569139		 669 Proof of Concept
Release notes
Package name: chokidar
  • 2.1.8 - 2019-08-21
  • 2.1.6 - 2019-05-15
  • 2.1.5 - 2019-03-22
from chokidar GitHub release notes
Package name: colors from colors GitHub release notes
Package name: connect from connect GitHub release notes
Package name: event-stream
  • 3.3.5 - 2018-09-05
  • 3.3.4 - 2016-07-17
from event-stream GitHub release notes
Package name: faye-websocket from faye-websocket GitHub release notes
Package name: http-auth
  • 3.2.4 - 2019-10-02
  • 3.2.3 - 2017-07-08
  • 3.1.3 - 2017-03-07
from http-auth GitHub release notes
Package name: http-proxy
  • 1.18.1 - 2020-05-17

    1.18.1

  • 1.18.0 - 2019-09-18

    Version 1.18.0

  • 1.17.0 - 2018-04-20

    Due to some great contributions I'm happy to announce a new release of http-proxy containing numerous bug fixes, feature additions and documentation improvements. Thanks to all who contributed for their patience and willingness to contribute despite perceived stagnation in activity in the project. I welcome all contributions and those who are interested in getting more involved with the project. Below I will highlight the changes that landed in the latest version but you can find the full diff of the changes in #1251

    • Add option to rewrite path of set-cookie headers. @ swillis12
    • Add option for overriding http METHOD when proxying request @ AydinChavez
    • Feature: selfHandleResponse for taking responsibility in returning your own response when listening on the proxyRes event. @ cpd0101 @ guoxiangyang
    • Add followRedirects option @ n30n0v
    • Document timeout option @ jlaamanen
    • Fix documentation typos @ carpsareokiguess
    • Document buffer option @ jonhunter1977
    • Include websocket non-upgrade response instead of just closing the socket. Allows auth schemes to be possible with websocket proxying. @ Tigge
    • Stop using the writeHead method explicitly and let node handle it internally to prevent thrown errors @ jakefurler
    • Be more defensive in handling of detecting response state when proxying @ thiagobustamante
from http-proxy GitHub release notes
Package name: morgan
  • 1.10.0 - 2020-03-20
    • Add :total-time token
    • Fix trailing space in colored status code for dev format
    • deps: basic-auth@~2.0.1
      • deps: safe-buffer@5.1.2
    • deps: depd@~2.0.0
      • Replace internal eval usage with Function constructor
      • Use instance methods on process to check for listeners
    • deps: on-headers@~1.0.2
      • Fix res.writeHead patch missing return value
  • 1.9.1 - 2018-09-11
    • Fix using special characters in format
    • deps: depd@~1.1.2
      • perf: remove argument reassignment
from morgan GitHub release notes
Package name: send from send GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

fix: upgrade multiple dependencies with Snyk
8cd0199 
Snyk has created this PR to upgrade:
  - chokidar from 2.1.5 to 2.1.8.
    See this package in npm: https://www.npmjs.com/package/chokidar
  - colors from 1.3.3 to 1.4.0.
    See this package in npm: https://www.npmjs.com/package/colors
  - connect from 3.6.6 to 3.7.0.
    See this package in npm: https://www.npmjs.com/package/connect
  - event-stream from 3.3.4 to 3.3.5.
    See this package in npm: https://www.npmjs.com/package/event-stream
  - faye-websocket from 0.11.1 to 0.11.4.
    See this package in npm: https://www.npmjs.com/package/faye-websocket
  - http-auth from 3.1.3 to 3.2.4.
    See this package in npm: https://www.npmjs.com/package/http-auth
  - http-proxy from 1.17.0 to 1.18.1.
    See this package in npm: https://www.npmjs.com/package/http-proxy
  - morgan from 1.9.1 to 1.10.0.
    See this package in npm: https://www.npmjs.com/package/morgan
  - send from 0.17.1 to 0.18.0.
    See this package in npm: https://www.npmjs.com/package/send

See this project in Snyk:
https://app.snyk.io/org/companykobiimports/project/a90f9058-c44f-4b1d-854d-1e59fe2bbaf2?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Exkaleburx @snyk-bot