Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #22

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #22

wants to merge 1 commit into from

Conversation

bielversallini
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @opentelemetry/sdk-node The new version differs by 21 commits.
  • 0ef1fc2 chore: release proposal 0.25.0 (#2415)
  • f129138 chore: hoist dependencies to speed up ci (#2416)
  • 40d0423 chore(deps): update all non-major dependencies (#2414)
  • bdb12da chore: Fix lint warnings in propagator-jaeger, propagator-b3, resources, and sdk-metrics-base packages (#2406)
  • 33e6f71 docs: fix examples in website_docs/instrumentation.md (#2412)
  • 5b4ca1c fix(instrumentation-fetch): `fetch(string, Request)` silently drops request body (#2411)
  • 90ea0fe fix(@ opentelemetry/exporter-collector): remove fulfilled promises cor… (#1775)
  • 4553b29 chore: Fix lint warnings in core package (#2405)
  • 3fc8bc9 feat: use Blob in sendBeacon to add application/json type (#2336)
  • eb3cd50 Website docs update 0821 (#2400)
  • 9790070 refactor: move detectors to opentelemetry-js-contrib repo (#2392)
  • 3eb5386 chore(deps): update commitlint monorepo to v13 (major) (#2384)
  • 46a42a1 fix: respect sampled flag in Span Processors, fix associated tests (#2396)
  • f180870 chore: sort entries in tsconfig (#2402)
  • 365d502 chore: update doc identifier names in readme (#2399)
  • 08828b4 chore: fix Lint warnings in api-metrics and context-zone-peer-dep (#2390)
  • b69ff35 chore(deps): update all non-major dependencies (#2401)
  • a8d3931 chore: rename sdks to better represent what they are [#2146] (#2340)
  • 4e78e4b chore: change codeowners to point to team (#2397)
  • e1b3e98 chore: move api into dependencies in integration tests (#2385)
  • 3b9cd16 chore(deps): update all non-major dependencies (#2383)

See the full diff

Package name: nestjs-otel The new version differs by 23 commits.
  • 037fe28 Merge pull request #105 from pragmaticivan/release-v2.5.0
  • 5ccc978 chore: release 2.5.0
  • 6efb0a5 feat: add defaultLabels support
  • 28a9310 build: update packages
  • 1734328 Merge pull request #99 from pragmaticivan/dependabot-npm_and_yarn-main-eslint-plugin-import-2.24.2
  • f9753d0 Merge pull request #98 from pragmaticivan/dependabot-npm_and_yarn-main-husky-7.0.2
  • 9c13918 Merge pull request #92 from pragmaticivan/dependabot-npm_and_yarn-main-supertest-6.1.6
  • 25fce62 Merge pull request #90 from pragmaticivan/dependabot-npm_and_yarn-main-ts-jest-27.0.5
  • 574fea7 build(deps-dev): bump ts-jest from 27.0.4 to 27.0.5
  • 7b7ea35 build(deps-dev): bump supertest from 6.1.5 to 6.1.6
  • 6c9581e Merge pull request #94 from pragmaticivan/dependabot-npm_and_yarn-main-types-jest-27.0.1
  • 23534ec Merge pull request #95 from pragmaticivan/dependabot-npm_and_yarn-main-jest-27.1.0
  • 0717a69 Merge pull request #91 from pragmaticivan/dependabot-npm_and_yarn-main-types-node-16.7.10
  • 780c1d5 Merge pull request #93 from pragmaticivan/dependabot-npm_and_yarn-main-typescript-4.4.2
  • fbab5b7 chore: update discord invite
  • c544512 build(deps-dev): bump eslint-plugin-import from 2.23.4 to 2.24.2
  • a3a3301 build(deps-dev): bump husky from 7.0.1 to 7.0.2
  • b56e1f8 build(deps-dev): bump jest from 27.0.6 to 27.1.0
  • b1f858c build(deps-dev): bump @ types/jest from 26.0.24 to 27.0.1
  • d7b0639 build(deps-dev): bump typescript from 4.3.5 to 4.4.2
  • fdf7951 build(deps-dev): bump @ types/node from 16.6.1 to 16.7.10
  • 4e8b20a chore: add Stargazers on readme
  • 061c0e4 chore: add codeql-analysis workflow

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bielversallini @snyk-bot