[Snyk] Upgrade: , node-fetch, semver, uuid, vscode-languageserver-protocol, vscode-languageclient #1

Open
wants to merge 1 commit into
base: main

Conversation

organich
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name | Versions | Released on
@vscode/extension-telemetry | from 0.6.2 to 0.9.7 (21 versions ahead of your current version) | a month ago, on 2024-08-02
node-fetch | from 2.6.8 to 2.7.0 (6 versions ahead of your current version) | a year ago, on 2023-08-23
semver | from 7.3.8 to 7.6.3 (10 versions ahead of your current version) | 2 months ago, on 2024-07-16
uuid | from 9.0.0 to 9.0.1 (1 version ahead of your current version) | a year ago, on 2023-09-12
vscode-languageserver-protocol | from 3.17.2 to 3.17.5 (13 versions ahead of your current version) | a year ago, on 2023-09-26
vscode-languageclient | from 8.0.2 to 8.1.0 (7 versions ahead of your current version) | 2 years ago, on 2023-02-14

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | 696 | Proof of Concept

Release notes
Package name: @vscode/extension-telemetry
  • 0.9.7 - 2024-08-02

    Changes:

    • #213: Bump version + packages
    • #211: Update readme + support connection string
    • #210: Send user id in extension payload
    • #207: Bump braces from 3.0.2 to 3.0.3
    • #206: Update packages
    • #204: Rollback packages

    This list of changes was auto generated.

  • 0.9.6 - 2024-03-22

    Update packages (#206)

  • 0.9.5 - 2024-03-20

    Rollback packages (#204)

  • 0.9.4 - 2024-03-20
    • Allows measurements to also be undefined for easy omitting, similar to how properties work
  • 0.9.3 - 2024-02-29
    • Improves on the user agent metric shown when navigator.userAgentData is unavailable. Thanks to @sezna
    • Fixes a bug with telemetry fetching using app insights on older version of node. Thanks to @devm33
  • 0.9.2 - 2023-12-19

    This release contains a small fix to the 1DS package used by Microsoft extensions in the web to ensure compliance with California's Global Privacy Control. If you're not a Microsoft extension, then it is safe to disregard this release as it contains no new features or improvements for the third party flow.

  • 0.9.1 - 2023-12-12

    Thanks to a community contribution by @ilia-db the unhandlederror event handler has been properly fixed to include common properties.

  • 0.9.0 - 2023-11-01

    Application insights web basics comes with the ability to pass in a fetch polyfill that allows it to be used for both Node and Web. This is similar to what we already do for first party extensions using the 1DS package.

    While there are no breaking changes here, the replacement of a key dependency with what should be an equivalent alternative may have unknown edge cases that were not accounted for, therefore the version has been bumped to reflect this.

    Bundlephobia reports a 67Kb decline in bundle size with this change.

  • 0.8.5 - 2023-09-20
    • Improves shutdown performance by lessening the amount of time which is allocated to disposing the telemetry reporters. Additionally, removes a few redundant flushes. Fixes microsoft/vscode#192742
  • 0.8.4 - 2023-08-24
    • Fixes a bug where if the user's connection were to drop during a session, telemetry would no longer send for the rest of that session
    • Fixes a bug with sendRawTelemetryEvent sending key: key pairs instead of key: value pairs
  • 0.8.3 - 2023-08-14
  • 0.8.2 - 2023-07-21
  • 0.8.1 - 2023-07-05
  • 0.8.0 - 2023-05-18
  • 0.7.7 - 2023-03-15
  • 0.7.5 - 2023-02-06
  • 0.7.4-preview - 2023-01-03
  • 0.7.3-preview - 2022-12-15
  • 0.7.2-preview - 2022-11-15
  • 0.7.1-preview - 2022-11-12
  • 0.7.0-preview - 2022-11-08
  • 0.6.2 - 2022-06-27
from @vscode/extension-telemetry GitHub release notes
Package name: node-fetch
from node-fetch GitHub release notes
Package name: semver
from semver GitHub release notes
Package name: uuid
from uuid GitHub release notes
Package name: vscode-languageserver-protocol
  • 3.17.5 - 2023-09-26
  • 3.17.4 - 2023-09-19
  • 3.17.4-next.3 - 2023-08-22
  • 3.17.4-next.2 - 2023-07-14
  • 3.17.4-next.1 - 2023-05-15
  • 3.17.4-next.0 - 2023-04-19
  • 3.17.3 - 2023-02-14
  • 3.17.3-next.6 - 2023-01-16
  • 3.17.3-next.5 - 2023-01-11
  • 3.17.3-next.4 - 2022-12-15
  • 3.17.3-next.3 - 2022-12-09
  • 3.17.3-next.2 - 2022-11-07
  • 3.17.3-next.1 - 2022-08-31
  • 3.17.2 - 2022-07-13
from vscode-languageserver-protocol GitHub release notes
Package name: vscode-languageclient
  • 8.1.0 - 2023-02-14
  • 8.1.0-next.6 - 2023-01-16
  • 8.1.0-next.5 - 2023-01-11
  • 8.1.0-next.4 - 2022-12-15
  • 8.1.0-next.3 - 2022-12-09
  • 8.1.0-next.2 - 2022-11-08
  • 8.1.0-next.1 - 2022-08-31
  • 8.0.2 - 2022-07-13
from vscode-languageclient GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Snyk has created this PR to upgrade:
  - @vscode/extension-telemetry from 0.6.2 to 0.9.7.
    See this package in npm: https://www.npmjs.com/package/@vscode/extension-telemetry
  - node-fetch from 2.6.8 to 2.7.0.
    See this package in npm: https://www.npmjs.com/package/node-fetch
  - semver from 7.3.8 to 7.6.3.
    See this package in npm: https://www.npmjs.com/package/semver
  - uuid from 9.0.0 to 9.0.1.
    See this package in npm: https://www.npmjs.com/package/uuid
  - vscode-languageserver-protocol from 3.17.2 to 3.17.5.
    See this package in npm: https://www.npmjs.com/package/vscode-languageserver-protocol
  - vscode-languageclient from 8.0.2 to 8.1.0.
    See this package in npm: https://www.npmjs.com/package/vscode-languageclient

See this project in Snyk:
https://app.snyk.io/org/organich/project/4fd175dd-72ed-4735-b208-9a1dbc8b8b29?utm_source=github&utm_medium=referral&page=upgrade-pr