[Snyk] Fix for 6 vulnerabilities #5

issaShippo · 2023-11-26T15:28:43Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: deployd

The new version differs by 18 commits.

684b596 chore(release): 1.1.3
e351a03 chore: update and pin dependencies (#874)
df72ffe Doc: add maintainance warning on README (#872)
e838a3e Fix big numbers being parsed into integers when it wasn't safe to do so (#873)
ffea84b chore(release): 1.1.2 (#854)
c6d8fdb fix: don't overwrite http headers with defaults (#851)
dcf1b62 chore(release): 1.1.1 (#839)
4435a57 fix(internal-resources): namespaced resources could not be moved/renamed into other namespaces (#837)
93f4c0e fix(tests): improve a minor race condition in a test (#835)
c4397a5 Chore: Release 1.1.0 (#834)
aafd3fc Update readme with some best practices (#833)
4d22465 Allow specifying resources in subdirectories/namespaces. (eg. namespace/hello) (#832)
4331b3c fix(tests): run tests on random mongo port and update for new mocha/npm (#831)
fef4b14 Chore: Release 1.0.0 🎉 (#820)
2093fff Chore: remove support for node 0.12 and some unused deps (#825)
5fbaa1d Chore: remove `filed` as unused dependency (#821)
c9d0a91 refactor(*): remove dashboard and clientlib from deployd core module (#783)
626d4ad refactor: remove dpd cli from deployd core module (#776)

Package name: request-promise

The new version differs by 34 commits.

9b533b0 Version 4.0.0
796b317 docs: updated for v4 release
6833954 chore: updated promise-core
8aa5d1a docs: updated instructions for running request tests
e791f17 feat: better error message for missing peer dependency
8c42fda feat: inform about dropped CLS support
82ed81d docs: added change for the upcoming v4 release
510e272 docs: listed changes for the upcoming v4 release
b963290 docs: grammar
1cc3202 feat: full reimplementation using (at)request/promise-core
56a6fa1 Merge pull request #118 from jmm/api-opt-defaults
2b1c11b Add default opt values to API docs
061a6ae chore: node v6 support
364ec40 chore: improved formatting
7a5522f fix: typo
ee171f9 Merge pull request #115 from EvanCarroll/master
c3bb0dc updated to better differentiate json/html forms because underlying request.pm is really bad at giving a sane error here.
2854e04 Version 3.0.0
32d988a fix: TransformError for transform that returns rejected Promise
296b08d feat: apply transform to non-200 responses also in simple mode (issue #86)
0cfa8f2 feat: introduced TransformError for failed transforms
d678f35 refactor: error attribute assignment
2ad8792 feat: better StatusCodeError.message
dcd18ad v3 not yet released