Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade azure-storage from 1.4.0 to 2.8.3 #41

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade azure-storage from 1.4.0 to 2.8.3 #41

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 584/1000
Why? Has a fix available, CVSS 7.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: azure-storage The new version differs by 170 commits.
  • 692ac1e Bumped version of request module from ~2.83.0 to ^2.86.0 to solve a vulnerability issue
  • 02d9470 Updated version number changelog and readme
  • bddeb26 Updated samples to make descriptions of JavaScript API definitions clear
  • f78912c Updated local HTTP server requirement for IE11 and Chrome
  • 21d9c7c Remove 'preview' terms for JS GA; Remove browser compatibility matrix;
  • 83bea41 Update jsdoc title to including JavaScript
  • f98de27 Update README.md under browser folder about online sample urls
  • 204a3df Updated CONTRIBUTION.md about the Node.js supported version #249
  • d834b21 Improved JSDoc to clarify Node.js Writable and Readable stream #389
  • e71cf72 Fixed a README.MD mistake for FileService example
  • fa7b3be Fixed a TypeScript definition error that blobService.getUrl() misses snapshotId parameter
  • 72a3e4f Fixed a bug that retry policy will not retry for XHR error in browsers
  • f113628 Updated README.md under browser folder to make it more clear about the zip file downloading link
  • 084fd48 Fixed a bug that some test cases are missing
  • 02832ab Updated or skipped test cases due to browsers compatibility differences
  • 7d5a885 Move JS UT files into browser folder to avoid conflicts with Node.js mocha tests
  • 8ed336e UT/FT for JavaScript Client Library in Browsers
  • 78a09ef Merge pull request #424 from XiaoningLiu/module
  • e4b1fa4 Fixed wrong description in Readme and other files
  • 94aeb0c Updated version number and ChangeLog
  • 260e89a Added support for JavaScript UMD module
  • 6890d9f Update the request and validator package dependencies
  • 8588224 Adds replaceEntity and insertOrReplaceEntity
  • 043fd14 Fix type assignment in tests for env variables

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
4ec95a7 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot