devrel-examples icon indicating copy to clipboard operation
devrel-examples copied to clipboard
verified publisher icon Asana

[Snyk] Upgrade asana from 0.17.3 to 0.18.4

Open snyk-bot opened this issue 5 years ago • 0 comments

Snyk has created this PR to upgrade asana from 0.17.3 to 0.18.4.

merge advice

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2020-04-08.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-LODASH-608086		 544/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-590103		 544/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908		 544/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-567746		 544/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: asana
  • 0.18.4 - 2020-04-08

    Adds missing resource objects.

    Upgrades misc. dependencies.

  • 0.18.3 - 2020-04-02

    Added robust debugging for requests.

    client.dispatcher.debug(true);
  • 0.18.2 - 2020-04-02

    Fixes an issue with dispatcher parsing options

  • 0.18.1 - 2020-04-02

    Fixes jenkins build

  • 0.18.0 - 2020-02-14

    This version converts our client libraries to use the OpenAPI spec. We also switched to a more consistent naming convention. This version keeps the old methods and adds the new methods.

  • 0.17.3 - 2019-09-19

    Fixes some reverse compatibility issues
    Allows params on the Events endpoint

from asana GitHub release notes
Commit messages
Package name: asana
  • 226ea24 Version bump
  • 54bee7b Updated travis node version tests
  • 5ef492d Upgraded some packages. Fixed missing resource declarations like batchAPI
  • 3ddfe28 Version bump
  • fa57b8b Adding better debugging to node-asana
  • 6c28c41 indexOf did not work
  • bf74c79 Version bump
  • 042f5ac Change dispatcher to use indexOf instead of 'in'
  • 41dc2e9 Version bump
  • f0a2e02 removed node 4 from travis
  • 8bc0494 Merge branch 'master' of github.com:Asana/node-asana
  • 68b788a Fixed tests
  • 7476161 Merge pull request #201 from Asana/dependabot/npm_and_yarn/handlebars-4.7.3
  • 89faefa Bump handlebars from 4.1.2 to 4.7.3
  • e63d8c4 Merge pull request #200 from barslev/master
  • 6eede62 Updated bluebird to version 3
  • e16c110 Merge pull request #197 from Asana/rossgrambo-openapi-conversion
  • 5cb6610 Merge branch 'master' of github.com:Asana/node-asana
  • 0eed2fa version bump
  • 51d4633 Merge branch 'master' into rossgrambo-openapi-conversion
  • a213b50 Removed POST attachments generation
  • d726a6f Merge pull request #198 from UnityOfFairfax/patch-1
  • 2854732 Update README.md
  • e926e46 Updated description for user params

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

snyk-bot avatar Aug 28 '20 06:08 snyk-bot