[Snyk] Fix for 1 vulnerabilities #834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

twilio-product-security wants to merge 1 commit into master

from snyk-fix-1ef34a0c6383e875454c7f8dfd2806cd

Open

[Snyk] Fix for 1 vulnerabilities #834

twilio-product-security wants to merge 1 commit into master from snyk-fix-1ef34a0c6383e875454c7f8dfd2806cd

Conversation

@twilio-product-security

Copy link

Contributor

@twilio-product-security twilio-product-security commented Dec 1, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
high severity	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: lint-staged

The new version differs by 77 commits.

072924f Merge pull request android cierra sesion al cambiar de aplicacion o pestaña navegador #724 from okonet/beta
f9e128d docs: Improve config section documentation
e1cd6ba Merge branch 'master' into beta
af58e6e docs: refine examples formatting (Passcode verification #767 )
82bee06 Merge branch 'master' into beta
af4604a docs: Improve documentation on the --debug flag (Bump loader-utils from 1.4.0 to 1.4.2 #766 )
bd3721f Merge branch 'master' into beta
8bdeec0 feat: throw error to prevent empty commits unless --allow-empty is used (Bump loader-utils from 1.4.0 to 1.4.1 #762 )
2cd1d37 docs: add funding property to package.json linking to Open Collective (Updating twilio-video to 2.25.0. #763 )
056723b docs: Document how to deal with eslintignore warnings (Screen Sharing and Token Issue #759 )
30b4809 fix: error handling skips dropping backup stash after internal git errors
da22cf2 fix: handle git MERGE_* files separately; improve error handling
20d5c5d feat: support async function tasks
f2a2702 Merge branch 'master' into beta
1b64239 fix: fail with a message when backup stash is missing
9913bb2 test: do not write file into repo during test run
d091f71 fix: correctly recover when unstaged changes cannot be restored
f8ddfc2 fix: restore metadata about git merge before running tasks
22ba124 refactor: minor optimizations
f3ae378 fix: better workaround for git stash --keep-index bug
33b9752 docs: improve example perfomance by returning single command (Bump jose from 2.0.5 to 2.0.6 #753 )
083b8e7 fix: automatically add modifications only to originally staged files
814b9df feat: bump Node.js version dependency to at least 10.13.0 (Whiteboard #747 )
0eedacd test: remove non-working concurrency tests for now

See the full diff

Package name: rimraf

The new version differs by 40 commits.

3b6b098 4.0.0
e0cffea ci: reduce workload even more
0e6646d ci: remove unnecessary lint filter
546e017 update action versions
6d88a65 tone down benchmark intensity
842a8d2 fix benchmark workflow yaml
1b91697 chore: add copyright year to license
08bbb06 rewrite in TS, export hybrid, update changelog, docs
1b3f46e drop support for node versions below 14
2e1f003 gh actions workflow for benchmarks
52f9370 tests for retry-busy behavior
188e3ed don't test on very old node versions
d1d5495 test for fix-eperm
e7501cd prettier formatting
40f64ec windows: only fall back to move-remove when absolutely necessary
b6f7819 update tap
99496cd test: run posix test on windows, why not?
51d43c1 benchmarks
6b8aa29 doc: correct os.tmp default
4b228c9 do not ever actually try to rmdir /
2442655 consolidate all the spellings of 'opt' into one
d4eec2e add cli script
0c82d74 accept strings, arrays of strings, and no other types
ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot


 fix: package.json & package-lock.json to reduce vulnerabilities

4f53f00

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Snyk] Fix for 1 vulnerabilities #834

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #834

Uh oh!

Conversation

@twilio-product-security twilio-product-security commented Dec 1, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants