CASS icon indicating copy to clipboard operation
CASS copied to clipboard
verified publisher icon cassproject

[Snyk] Security upgrade undici from 6.10.2 to 6.11.1

Open Lomilar opened this issue 1 year ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 416/1000
Why? Recently disclosed, Has a fix available, CVSS 2.6		 Improper Access Control
SNYK-JS-UNDICI-6564963		 No No Known Exploit
low severity 481/1000
Why? Recently disclosed, Has a fix available, CVSS 3.9		 Improper Authorization
SNYK-JS-UNDICI-6564964		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: undici The new version differs by 25 commits.
  • 6df3c73 Bumped v6.11.1
  • c346b66 Revert "fix: don't leak internal class (#3024)"
  • d542b8c Merge pull request from GHSA-9qxr-qj54-h672
  • 6805746 Merge pull request from GHSA-m4v8-wqvr-p9f7
  • ee5f892 Bumped v6.11.0
  • 71a6d74 Merge branch 'main' of github.com:nodejs/undici
  • 0f0f239 fix: regexp pattern (#3041)
  • 31f9e67 build(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#3036)
  • c8a43ae fixup
  • 8b5e2c8 fixup
  • f8bd60f fixup
  • c61b5f9 fix(#2364): concurrent aborts (#3005)
  • c18df9c chore(automerge): remove unnecessary actions:write permission (#3021)
  • 9e47216 chore(workflows/nightly.yml): create issue only on all fail (#3020)
  • 4b86ede chore: add automated CI testing with —no-intl node (#3015)
  • b197a01 fix(workflows): missing top-level content.read permissions (#3013)
  • 03e7b0c fix: node:util instead of util (#3007)
  • 6131341 enhancement: link to the contributing guide from the README (#3003)
  • 3ac3682 Merge branch 'main' of github.com:nodejs/undici
  • 8dea744 build(deps-dev): bump borp from 0.9.1 to 0.10.0 (#2947)
  • 63f0fee build(deps-dev): bump tsd from 0.30.7 to 0.31.0 (#3038)
  • 63968e0 build(deps): bump codecov/codecov-action from 4.1.0 to 4.1.1 (#3034)
  • 2d5cbdf fix: don't leak internal class (#3024)
  • d7f10e1 refactor(#3023): Pass headers as array instead (#3025)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Access Control

Lomilar avatar Apr 05 '24 23:04 Lomilar

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Apr 05 '24 23:04 sonarqubecloud[bot]