[Snyk] Security upgrade cloudevents from 3.1.0 to 4.0.0 #377

snyk-bot · 2020-12-24T07:12:11Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/typescript-ex/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cloudevents

The new version differs by 36 commits.

97cf2f7 chore: release 4.0.0 (chore: release 4.0.0 #368)
d656362 build(deps): bump highlight.js from 10.3.2 to 10.4.1 (build(deps): bump highlight.js from 10.3.2 to 10.4.1 #372)
79296a8 chore: add a transition guide. fixes Transition doc for deprecated API's #360 (Deprecated API transition guide. #363)
9f86cfd fix: improve error messages when validating extensions
132f052 fix: package.json & package-lock.json to reduce vulnerabilities
6adb578 ci: disable @ typescript-eslint/no-explicit-any linter rule
43d9e01 feat: allow ensureDelivery to be able to ensure delivery on emit
d418a50 ci: add unit test for emitter
bda8581 docs: add Emitter logic example
25f9c48 feat: add EventEmitter to Emitter and singleton paradigm
875f700 feat!: Remove All API's that are labeled "Remove in 4.0" (Remove All API's that are labeled "Remove in 4.0" #362)
8205bc9 chore(package): Upgrade mocha from 7.1.2 to 8.2.0 ([Snyk] Security upgrade mocha from 7.1.2 to 8.2.0 #354)
765b81c chore: tag v3.2.0 as release-v3.2.0 for release-please (chore: tag v3.2.0 as release-v3.2.0 for release-please #353)
c4afacb chore(ci,releases): bump release-please-action to 2.5.5 (chore(ci,releases): bump release-please-action to 2.5.5 #350)
f6be285 fix: extend Node.js IncomingHttpHeaders in our Headers type (fix: extend Node.js IncomingHttpHeaders in our Headers type #346)
1446898 fix: do not alter an event's data attribute (fix: do not alter an event's data attribute #344)
138de37 docs: update README with latest API changes (docs: update README with latest API changes #347)
76688c4 chore: update release please to the latest release(2.4.1) (chore: update release please to the latest release(2.4.1) #345)
e334b6e feat: add emitterFactory and friends (feat: add emitterFactory and friends #342)
a9114b7 chore: add an automated GH action for releases (chore: add an automated GH action for releases #329)
eca43d9 fix: package.json & package-lock.json to reduce vulnerabilities ([Snyk] Fix for 2 vulnerabilities #338)
0a12146 docs: update README with maintainer names (docs: update README with maintainer names #337)
1fa3a05 feat: add a constructor parameter for loose validation (feat: add a constructor parameter for loose validation #328)
7423acb fix: upgrade cloudevents from 3.0.1 to 3.1.0 (fix: upgrade cloudevents from 3.0.1 to 3.1.0 #335)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>

Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>

snyk-bot and others added 2 commits January 6, 2021 09:53

fix: examples/typescript-ex/package.json to reduce vulnerabilities

3c5cb44

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>

chore: update example to use the 4.0 API

ab5332e

Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>

lholmquist force-pushed the snyk-fix-6723be0f74b64d3542d67ba08eaf36e6 branch from b37baea to ab5332e Compare January 6, 2021 14:53

lholmquist approved these changes Jan 6, 2021

View reviewed changes

lholmquist merged commit f851406 into main Jan 6, 2021

lholmquist deleted the snyk-fix-6723be0f74b64d3542d67ba08eaf36e6 branch February 16, 2023 17:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Security upgrade cloudevents from 3.1.0 to 4.0.0 #377

[Snyk] Security upgrade cloudevents from 3.1.0 to 4.0.0 #377

Uh oh!

snyk-bot commented Dec 24, 2020

Uh oh!

Uh oh!

[Snyk] Security upgrade cloudevents from 3.1.0 to 4.0.0 #377

[Snyk] Security upgrade cloudevents from 3.1.0 to 4.0.0 #377

Uh oh!

Conversation

snyk-bot commented Dec 24, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Uh oh!