plugin-serverless icon indicating copy to clipboard operation
plugin-serverless copied to clipboard
verified publisher icon twilio-labs

[Snyk] Security upgrade @twilio/cli-core from 4.6.0 to 5.31.0

Open twilio-product-security opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @twilio/cli-core The new version differs by 184 commits.
  • ad437be chore(release): set `package.json` to 5.31.0 [skip ci]
  • 3eb6bf3 oaiFeat: Updated api definitions
  • 06e2cb1 feat: Added the github actions to send the slack notifications (#164)
  • ac25774 Resolve sec vulnerability (#166)
  • 188120a chore: [Snyk] Security upgrade @ oclif/plugin-help from 2.2.3 to 3.2.0 (#165)
  • 26e4594 chore(release): set `package.json` to 5.30.0 [skip ci]
  • c297f19 oaiFeat: Updated api definitions
  • 7749030 fix:Added the following changes: (#161)
  • 27bd508 chore: Added changes to use scripts instead of community Github actions (#155)
  • 5367ba5 Fixing the protected branch issue (#158)
  • d454b81 fix: fix naming (#157)
  • 8e5a785 chore(release): set `package.json` to 5.29.0 [skip ci]
  • 906518f fix: Updated api definitions
  • c49a4c8 Fixed the semantic github issue (#156)
  • c098538 Corrected the homebrew inputs for the workflow (#154)
  • 002dd1f feat: Enable GitHub actions. (#150)
  • 5c579b9 Release 5.28.3
  • 6ec8fe8 [Librarian] Regenerated @ 9a313923ef0eae61a7da7210b7d5de59e65a697c
  • cf3f4a0 Release 5.28.2
  • 8beaa37 [Librarian] Regenerated @ fdad267944635962308083659322c23f28226702
  • 56e9cd8 Removed sonar-code scan step
  • 9c0b6eb Created workflow file with dispatch event.
  • 6248e64 Release 5.28.1
  • a47b66a [Librarian] Regenerated @ 480d240ca25b1c4186b4f9485e0f0debf1e14978

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

twilio-product-security avatar Nov 05 '21 01:11 twilio-product-security