[Snyk] Security upgrade requestretry from 1.13.0 to 7.0.0 #3

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 748/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | Information Exposure, SNYK-JS-REQUESTRETRY-2411026 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: requestretry
The new version differs by 91 commits.
  • 4569005 Release v7.0.0.
  • c7c47d6 test: add more test
  • f517344 Merge pull request #139 from Sampaguitas/master
  • 2768f5c Update leak.test.js
  • afa27ef Update leak.test.js
  • 2d822ad changes
  • 3c0d686 fix: 🤦
  • 95e7a3b fix: breaking test suite
  • 42f7e79 Merge pull request #138 from Sampaguitas/master
  • 0979c60 Prevent Cookie & Authorization Headers from being forwarded when the URL redirects to another domain (information leak) #137
  • 5e1a63c Update README.md
  • ebf3471 Update README.md
  • a450999 docs(changelog): updated
  • 1b8ea5c Release v6.0.0.
  • 42cedad Merge pull request #135 from markandrus/remove-when
  • 52d0603 fix: remove dependency on when in favor of native Promises
  • a1189ef docs(changelog): updated
  • 7b53cff Release v5.0.0.
  • 75c11aa Merge pull request #129 from dottedmag/handle-EBUSY
  • dd80892 Hanlde EBUSY error from DNS resolver
  • 8d7ca0d Update README.md
  • 8d9e398 Create FUNDING.yml
  • aa9c2ea docs(changelog): updated
  • 6550c2a Release v4.1.2.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
