Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @twilio/cli-core from 6.8.1 to 7.6.1 #116

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @twilio/cli-core from 6.8.1 to 7.6.1 #116

wants to merge 1 commit into from

Conversation

twilio-product-security
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 534/1000
Why? Has a fix available, CVSS 6.4		 Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022		 Yes No Known Exploit
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024		 Yes No Known Exploit
medium severity 554/1000
Why? Has a fix available, CVSS 6.8		 Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @twilio/cli-core The new version differs by 40 commits.
  • 23e9e2b chore(release): set `package.json` to 7.6.1 [skip ci]
  • b3d59e9 fix: using npx instead of npm bin (#220)
  • abd04b7 oaiFix: Updated api definitions
  • 71c5a98 chore: update twilio node mvr version (#218)
  • b7f140e chore(release): set `package.json` to 7.6.0 [skip ci]
  • db7f46d oaiFeat: Updated api definitions
  • 72b9240 chore(release): set `package.json` to 7.5.3 [skip ci]
  • e57a2f0 oaiFix: Updated api definitions
  • 3a8570c chore(release): set `package.json` to 7.5.2 [skip ci]
  • 240c1b9 oaiFix: Updated api definitions
  • 783d02a chore(release): set `package.json` to 7.5.1 [skip ci]
  • 8fefe57 oaiFix: Updated api definitions
  • 345d27e chore(release): set `package.json` to 7.5.0 [skip ci]
  • 3e30a0b oaiFeat: Updated api definitions
  • ace9296 chore(release): set `package.json` to 7.4.3 [skip ci]
  • c6b6141 oaiFix: Updated api definitions
  • 2b2fbe6 chore: Update package.json
  • f1aa349 chore(release): set `package.json` to 7.4.2 [skip ci]
  • 1b99ec4 oaiFix: Updated api definitions
  • 75dc153 removing npmPublish changes
  • a60f34d set npmPublish to false
  • 3a055af chore(release): set `package.json` to 7.4.1 [skip ci]
  • 041ac0e oaiFix: Updated api definitions
  • 08cb4e6 chore(release): set `package.json` to 7.4.0 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twilio-product-security @snyk-bot