npm-updater
npm-updater copied to clipboard
node-modules
[Snyk] Security upgrade urllib from 2.41.0 to 3.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 |
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: urllib
The new version differs by 22 commits.- 53a32c3 Release 3.0.0
- 20944ee π¦ NEW: Support request and response events
- f01c264 π¦ NEW: Support HttpClient with rejectUnauthorized
- 61a915c π¦ NEW: Support options.auth
- cb084d9 π¦ NEW: Support custom lookup and checkAddress
- cc1c854 π¦ NEW: Support options.opaque = object
- f07c9f8 π¦ NEW: Support options.timing = true
- 70a75c6 π¦ NEW: Support options.compressed instead of gzip
- 936bc01 π IMPROVE: Support Node.js 14
- eb6c319 π¦ NEW: Support auto retry like HttpClient2
- b07a45e π IMPROVE: Use brotli instead of deflate
- a8876f2 π€ TEST: Big stream timeout
- 6b5a4f1 π¦ NEW: Use request instead of fetch
- c1218c5 π FIX: Try to use Readable first
- a67d9d1 π FIX: Dont parse empty data to json
- 2882f0e π€ TEST: Error cases for stream and writeStream
- 57ccc7e π¦ NEW: Support options.streaming = true
- f2ca7eb π¦ NEW: Support fixJSONCtlChars
- f5390f2 π¦ NEW: TS compiler both Commonjs and ESM support
- c3cc765 π¦ NEW: Support upload file by args.files
- 70a238d π€ TEST: Use jest and ts
- 26c44b7 π¦ NEW: [BREAKING] Refactor impl base on undici
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Server-side Request Forgery (SSRF)
New dependencies detected. Learn more about Socket for GitHub βοΈ
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/[email protected] | Transitive: environment, eval, filesystem, network, shell, unsafe | +40 |
3.45 MB | fengmk2 |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}