@aditya-opsverse
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node.js/package.json
    • node.js/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: medium
Priority score (*): 601/1000 (why: recently disclosed, has a fix available, CVSS 6.3)
Issue: Cross-site Scripting (XSS), SNYK-JS-COOKIE-8163060
Breaking change: No
Exploit maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @opentelemetry/auto-instrumentations-node The new version differs by 52 commits.
  • bd79bd0 chore: release main (#1214)
  • 6667853 chore: add renovate config for OTel core experimental (#1246)
  • c7f08fe fix: address webpack memory issue for browser tests (#1264)
  • c63d2a4 fix(mongodb): use net.peer namespace for mongo host and port (#1257)
  • e72ea58 fix: separate public and internal types for all instrumentations (#1251)
  • 1db3b7e fix: allow hapi plugin from array to be registered as argument (#1253)
  • 55c1a98 chore(deps): update dependency @types/node to v18 (#1259)
  • 20767c4 feat(cassandra-responsehook): added response hook to execute func (#1180)
  • d0a10eb fix(deps): update dependency gcp-metadata to v5 (#1009)
  • 4777e9b chore(deps): update amannn/action-semantic-pull-request action to v5 (#1239)
  • fd2480a fix(aws-sdk): bump aws-sdk instrumentation version to align with previous release (#1247)
  • 524d98e fix(graphql): graphql instrumentation throw for sync calls (#1254)
  • 23589d6 chore: update badges in README (#1232)
  • 1d5a2a9 chore: remove NathanielRN from component owner (#1234)
  • 682d610 fix: remove types of the instrumented libs form public apis (#1221)
  • 6300733 feat(koa): add layer type to request hook context (#1226)
  • d291d3d test: reduce number of aws-sdk versions for tav (#1231)
  • fe79e29 chore: move fastify to dev dependencies (#1228)
  • a2719c5 fix: Add applying patch debug log to pino module (#1225)
  • 2777a79 fix(dns): remove lookupPromise polyfill for node8 dns promise tests (#1223)
  • 180b336 fix(instrumentation-fs): fix `fs.exists` when it's util.promisified (#1222)
  • a6f054d feat(pg): add requireParentSpan option (#1199)
  • 5da46ef feat: support `graphql` v16 (#998)
  • 502caae feat: container ID detector for cgroup v2 (#1181)

See the full diff

Package name: express The new version differs by 130 commits.
  • 8e229f9 4.21.1
  • a024c8a fix(deps): cookie@0.7.1
  • 7e562c6 4.21.0
  • 1bcde96 fix(deps): qs@6.13.0 (#5946)
  • 7d36477 fix(deps): serve-static@1.16.2 (#5951)
  • 40d2d8f fix(deps): finalhandler@1.3.1
  • 77ada90 Deprecate `"back"` magic string in redirects (#5935)
  • 21df421 4.20.0
  • 4c9ddc1 feat: upgrade to serve-static@0.16.0
  • 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
  • ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
  • 54271f6 fix: don't render redirect values in anchor href
  • 125bb74 path-to-regexp@0.1.10 (#5902)
  • 2a980ad merge-descriptors@1.0.3 (#5781)
  • a3e7e05 docs: specify new instructions for `question` and `discuss`
  • c5addb9 deps: path-to-regexp@0.1.8 (#5603)
  • e35380a docs: add @IamLizu to the triage team (#5836)
  • f5b6e67 docs: update scorecard link (#5814)
  • 2177f67 docs: add OSSF Scorecard badge (#5436)
  • f4bd86e Replace Appveyor windows testing with GHA (#5599)
  • 2ec589c Fix Contributor Covenant link definition reference in attribution section (#5762)
  • 4cf7eed remove minor version pinning from ci (#5722)
  • 6d08471 📝 update people, add ctcpip to TC (#5683)
  • 61421a8 skip QUERY tests for Node 21 only, still not supported (#5695)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
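The PR asks you to check that the changes will not cause issues for the project. The security-side check that belongs alongside it is that the lockfile really resolves every installed copy of `cookie` to the fixed release the PR targets (cookie@0.7.1, pulled in through express 4.21.1), since a second dependency can pin an older transitive copy under its own `node_modules` that the express bump does not touch. The script below is an added example, not part of this PR or of Snyk's tooling. It assumes a lockfileVersion 2 or 3 `package-lock.json` (the `packages` map), compares major.minor.patch only (pre-release tags ignored), and runs over a constructed sample lockfile embedded in the block rather than the repository's real `node.js/package-lock.json`.

```javascript
// Added example (not Snyk's or the project's code): confirm that every
// installed copy of `cookie` in a v2/v3 package-lock.json is at or above
// the fixed release named in the PR.
const FIXED_COOKIE_VERSION = "0.7.1";

// Minimal semver comparison: major.minor.patch only, pre-release tag dropped.
// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const da = pa[i] || 0;
    const db = pb[i] || 0;
    if (da !== db) return da < db ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a v2/v3 lockfile and return every installed
// copy of `pkg` whose version is below `minVersion`. Nested installs
// (node_modules/foo/node_modules/cookie) are separate entries and are
// checked individually; that is where a stale transitive copy hides.
function findVulnerable(lockfile, pkg, minVersion) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.split("node_modules/").pop(); // keeps @scope/name intact
    if (name !== pkg || !entry.version) continue;
    if (compareVersions(entry.version, minVersion) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (assumption, not the repository's file):
// express has been bumped to 4.21.1 and the top-level cookie is fixed, but a
// hypothetical session library still pins cookie 0.6.0 in its own subtree.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "node.js", dependencies: { express: "^4.21.1" } },
    "node_modules/express": { version: "4.21.1", dependencies: { cookie: "0.7.1" } },
    "node_modules/cookie": { version: "0.7.1" },
    "node_modules/some-session-lib": { version: "1.0.0", dependencies: { cookie: "0.6.0" } },
    "node_modules/some-session-lib/node_modules/cookie": { version: "0.6.0" },
  },
};

// Audit the sample; returns the list of offending entries (one here).
function auditSample() {
  return findVulnerable(SAMPLE_LOCKFILE, "cookie", FIXED_COOKIE_VERSION);
}
```

Against the real file, load it with `JSON.parse(fs.readFileSync("node.js/package-lock.json", "utf8"))` and pass the result to `findVulnerable(lock, "cookie", FIXED_COOKIE_VERSION)`; an empty array means every installed copy is at or above 0.7.1, and any hit names the exact `node_modules` path that still needs an override or an upstream bump. Lockfile v1 files keep a nested `dependencies` tree instead of the flat `packages` map and are not handled here.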
