
[Snyk] Security upgrade lightstep-opentelemetry-launcher-node from 0.11.0 to 0.13.0

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • nodejs/ot-shim/server/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 616/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF), SNYK-JS-AXIOS-1038255 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lightstep-opentelemetry-launcher-node

The new version differs by 22 commits.
  • 4bf1377 0.13.0
  • 63b6818 Merge pull request #32 from lightstep/prep_v0.13.0_release
  • 5dbcb0f chore: update changelog for v0.13.0 release
  • 106defa Merge pull request #31 from lightstep/config-improvements
  • f68be13 Apply suggestions from code review
  • ef5bddf chore: simplify types for configuration and env
  • af12971 Merge pull request #25 from lightstep/metrics
  • c435a0c chore: adding metrics to launcher
  • 1bdf0b2 0.12.0
  • b4e9719 docs: update changelog for v0.12.0 release
  • 349d615 Merge pull request #22 from lightstep/fix_readme_ex
  • df7b539 Merge pull request #24 from lightstep/update_otel_v012
  • 67fc83a chore: review
  • b013fc4 chore: upgrading npm packages
  • 5de9cf0 chore: upgrading to core v0.12.0 and contrib v0.11.0
  • 1c93fed Update README.md
  • 2578875 docs: fix example on readme
  • 97e6fc6 Update README.md
  • 2fb5913 Merge pull request #21 from lightstep/hostname-attr
  • 268c077 refactor: use sinon sandbox in hostname tests
  • e1b27ce feat: detect hostname from process.env if provided
  • ff4bcdb feat: add host.name resource attribute by default

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF)

snyk-bot avatar Dec 06 '22 09:12 snyk-bot