Skip to content

[Snyk] Security upgrade forge-apis from 0.4.4 to 0.9.0 #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade forge-apis from 0.4.4 to 0.9.0 #17

wants to merge 1 commit into from

Conversation

@dukedhx
Copy link
Owner

@dukedhx dukedhx commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node/package.json
    • node/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 No Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: forge-apis The new version differs by 37 commits.
  • e1caf38 updating test specs
  • bd9e171 removing or updating legacy packages, migrating request to superagent, bumping version number, fixing samples path issue
  • 70eefcd Adding SHA! control, deprecating createFolder API
  • 48d3448 s3 api added, fix tests, fix for defaultHeaders
  • d507067 removing DAv2, toekn and webhook bugfixes
  • b237f47 test restored
  • a7d1be4 test temp removal
  • 33f0ad6 pushing release 8.4
  • 8aa4cc9 Adding webhooks API - reported at #42
  • 585e62d objectid parameter for MD /properties
  • ae6cef8 adding JobPayloadMisc to index.js
  • aa2d79b node version + PR
  • 1c3699f bump version
  • 77df84d bump version
  • abd055a allowing using different servers concurrently, #67
  • d2740db update for svf2 support, bump version number
  • 408551f fix for #65 - wrong method for commands API
  • 33b121b move DA v2 depracted message to display only when using that API
  • 9bc0525 Adding 3legged implicit grant flow
  • 98bed64 W069 removel, getFolderParent() bugfix
  • 7fbde68 2 spaces -> tab, adding DerivativesApi.setReferences() and support for EU region
  • 748e29e upgrade dependencies, and fix test all
  • 03f09d2 Fix test failure, #44 and #48 (#58)
  • b0e5dee put / get with non hardcoded Content-Type / Accepts

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dukedhx @snyk-bot