AnilistBot

[Snyk] Security upgrade socks from 2.2.1 to 2.7.2

Open Fazendaaa opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: high severity
  • Priority Score (*): 823/1000
    Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6
  • Issue: Server-side Request Forgery (SSRF), SNYK-JS-IP-6240864
  • Breaking Change: No
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: socks
The new version differs by 49 commits.
  • b428d7c bleh
  • df8e077 3.0.0
  • 209c398 update github workflow
  • 0c016fc remove ip package
  • 76d013e 2.7.1
  • 6352745 Bug fix createConnectionChain - creating a tunnel (#88)
  • 6ad8587 adjust github action versions
  • 96f729d Drop coverage+coveralls
  • e776150 2.7.0 - Bump dependencies & fix ts linter errors
  • ed272b1 fix: deprecation warning for "new Buffer" usage (#85)
  • b17d402 devops: migrate CI workflow to GitHub Actions and tslint->eslint (#84)
  • 5ebc0c4 Add a note about node-socks-proxy-agent (#83)
  • 9f347b3 Fixed bug in createConnectionChain where host property was ignored while building connection chain of proxies. Bumped version to 2.6.2 (#80)
  • 1619a55 Update README.md (#75)
  • 6c777c2 2.6.1
  • e6f18eb added remoteHost to info callback variable upon successful socks5 connection (#69)
  • 7f3bd8b Update README.md
  • 0bfb6be 2.6.0
  • 12cd5b3 Added custom_auth_method support for custom socks authentication. (#66)
  • 4e390c8 2.5.1
  • 03cd4a7 Add file with extension to typings property value (#64)
  • 6c22108 2.5.0
  • 17168b4 Updated dependencies
  • 40890dc Modifies createConnection and createConnectionChain to funnel connection option validation errors through callbacks & promises when appropriate.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

Fazendaaa, Feb 13 '24 03:02