-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade: , , , typescript #312
base: master
Are you sure you want to change the base?
[Snyk] Upgrade: , , , typescript #312
Conversation
Snyk has created this PR to upgrade: - @octokit/rest from 18.5.4 to 21.0.2. See this package in npm: https://www.npmjs.com/package/@octokit/rest - @pagerduty/pdjs from 2.2.2 to 2.2.4. See this package in npm: https://www.npmjs.com/package/@pagerduty/pdjs - @slack/webhook from 5.0.4 to 7.0.3. See this package in npm: https://www.npmjs.com/package/@slack/webhook - typescript from 4.3.2 to 5.5.4. See this package in npm: https://www.npmjs.com/package/typescript See this project in Snyk: https://app.snyk.io/org/mikolaj-roszak/project/89fafb7b-1110-4112-b075-f376a919f601?utm_source=github&utm_medium=referral&page=upgrade-pr
Micro-Learning Topic: Regular expression denial of service (Detected by phrase)Matched on "Regular Expression Denial of Service"Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Try a challenge in Secure Code WarriorMicro-Learning Topic: Weak input validation (Detected by phrase)Matched on "Improper Input Validation"Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Cross-site request forgery (Detected by phrase)Matched on "Cross-site Request Forgery"Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page. Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Denial of service (Detected by phrase)Matched on "Denial of Service"The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service Try a challenge in Secure Code WarriorMicro-Learning Topic: Information disclosure (Detected by phrase)Matched on "Information Exposure"Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Try a challenge in Secure Code Warrior |
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@octokit/rest
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
from 18.5.4 to 21.0.2 | 56 versions ahead of your current version
on 2024-08-16
@pagerduty/pdjs
from 2.2.2 to 2.2.4 | 2 versions ahead of your current version | 3 years ago
on 2021-11-23
@slack/webhook
from 5.0.4 to 7.0.3 | 6 versions ahead of your current version
on 2024-08-15
typescript
from 4.3.2 to 5.5.4 | 1140 versions ahead of your current version
on 2024-07-22
Issues fixed by the recommended upgrade:
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-AXIOS-1579269
SNYK-JS-AXIOS-6032459
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-AXIOS-6124857
SNYK-JS-FOLLOWREDIRECTS-2396346
Release notes
Package name: @octokit/rest
21.0.2 (2024-08-16)
Bug Fixes
21.0.1 (2024-07-17)
Bug Fixes
21.0.0 (2024-06-20)
Features
BREAKING CHANGES
21.0.0-beta.4 (2024-06-19)
Bug Fixes
21.0.0-beta.3 (2024-04-30)
Features
21.0.0-beta.2 (2024-04-16)
Bug Fixes
21.0.0-beta.1 (2024-03-05)
Bug Fixes
add explicit type anotation (3ddd79e)
build: adapt for ESM (aad55f4)
bump deps (21f1aaa)
deps: bump deps (f179b0b)
deps: update octokit monorepo (aed67c2)
docs: update for ESM (42be65a)
Empty commit to trigger release (828467b)
BREAKING CHANGES
20.1.1 (2024-05-03)
Bug Fixes
20.1.0 (2024-04-03)
Features
20.0.2 (2023-09-25)
Bug Fixes
Package name: @slack/webhook
What's Changed
This patch release bumps the minimum version of axios to 1.7.4 to address a CVE - see Axios 1.7.4 release notes for more information.
Changelog
Full Changelog: https://github.com/slackapi/node-slack-sdk/compare/@ slack/web-api@7.0.2...@ slack/webhook@7.0.3
What's Changed
This patch release bumps the minimum version of axios to 1.7.4 to address a CVE - see Axios 1.7.4 release notes for more information.
Changelog
Full Changelog: https://github.com/slackapi/node-slack-sdk/compare/@ slack/socket-mode@2.0.1...@ slack/rtm-api@7.0.1
Package name: typescript
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on: