[Snyk] Security upgrade nock from 9.4.3 to 11.0.0 #12

Open: wants to merge 1 commit into base: master
@tiff-es tiff-es commented Jun 21, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nock
The new version differs by 250 commits.
  • 11dba99 fix (#1659)
  • bf1d7d6 test: Clarify that cleanAll removes persistent mocks (#1647)
  • e661d0d bug(recorder): replace qs lib with native querystring. (#1653)
  • 05ae31e Refactor lifecycle tests using got / async (#1646)
  • 26fc08f Async Reply functions (always emit errors) (#1596)
  • 35221ce refactor: overhaul body and query matching (#1632)
  • 88e85ac fix: trigger release (#1645)
  • e744b0a bug: handle content-type request headers when arrays
  • 87cac20 refactor: default function arguments (#1640)
  • 9c504f6 refactor: default options on recorder, remove dead code (#1641)
  • ad264cb test: change tests to use test domain (#1639)
  • 4a4b8ec feat(overrider): added support for header modifications before end()
  • 213014b Display the badge correctly (#1637)
  • df1a5cd refactor: Convert Scope to a class (#1636)
  • 3bdadef refactor: Convert Socket to a class (#1635)
  • 08b1b6b refactor: Convert DelayedBody to a class (#1634)
  • f385edd Advertise and enforce 100% coverage, drop Coveralls (#1633)
  • 60a055b refactor(interceptor): separate hostname matching
  • 2a54482 feat(interceptor): duplicate query calls throw (#1630)
  • f015929 chore(deps): bump lodash from 4.17.11 to 4.17.13 (#1629)
  • c78ceb3 Clean up some more hostnames in tests (#1627)
  • a2208d1 feat(interceptor): duplicate query keys throw
  • 880224a refactor: Scope.pendingMocks
  • a201ac0 test(socket): add coverage for timeout without a callback

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
