Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #2

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #2

wants to merge 2 commits into from

Conversation

twilio-product-security
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 57 commits.
  • e367be5 [Releasing] 0.21.3
  • 83ae383 Correctly add response interceptors to interceptor chain (#4013)
  • c0c8761 [Updating] changelog to include links to issues and contributors
  • 619bb46 [Releasing] v0.21.2
  • 82c9455 Create SECURITY.md (#3981)
  • 5b45711 Security fix for ReDoS (#3980)
  • 5bc9ea2 Update ECOSYSTEM.md (#3817)
  • e72813a Fixing README.md (#3818)
  • e10a027 Fix README typo under Request Config (#3825)
  • e091491 Update README.md (#3936)
  • b42fbad Removed un-needed bracket
  • 520c8dc Updating CI status badge (#3953)
  • 4fbeecb Adding CI on Github Actions. (#3938)
  • e9965bf Fixing the sauce labs tests (#3813)
  • dbc634c Remove charset in tests (#3807)
  • 3958e9f Add explanation of cancel token (#3803)
  • 69949a6 Adding custom return type support to interceptor (#3783)
  • 49509f6 Create FUNDING.yml (#3796)
  • 199c8aa Adding parseInt to config.timeout (#3781)
  • 94fc4ea Adding isAxiosError typeguard documentation (#3767)
  • 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
  • a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
  • 59fa614 [Updated] follow-redirects to the latest version (#3771)
  • 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: openai-api The new version differs by 15 commits.
  • 84feb8f Merge branch 'master' of https://github.com/Njerschow/openai
  • 0efd721 version bump
  • 8e59b20 Merge pull request #12 from Njerschow/fix_readme_mistake
  • 77d178a fix mismatch from README.md
  • 6b3a8e6 Merge pull request #11 from Njerschow/dependabot/npm_and_yarn/axios-0.21.1
  • 5c5d4f8 Bump axios from 0.19.2 to 0.21.1
  • 64b1b93 Merge branch 'master' of https://github.com/Njerschow/openai
  • 663b563 bump version, publish PR from @ uvafan
  • 8051ade Merge pull request [Snyk] Fix for 2 vulnerabilities #8 from uvafan/master
  • fd72ecf add logprobs and echo arguments
  • b3277cd fix error where we weren't passing the temperature parameter
  • 2f51967 fix error in readme
  • 2e02bc1 add openAI presence_penalty, frequency_penalty, and best_of params
  • 41cb879 Merge pull request [Snyk] Fix for 1 vulnerabilities #6 from AlbertGozzi/master
  • 0a74a4d added possibility to pass presence penalty, frequency penalty and bestOf parameters

See the full diff

Package name: twilio The new version differs by 43 commits.
  • 97f60c8 Release 3.54.2
  • 8c0898c [Librarian] Regenerated @ 15a74dddee9e2bba5fb0d673b5288e65d4ab3201
  • 9a7da3e chore: update template files
  • c226431 fix: url encoding for validateExpressRequest (#642)
  • 10fa1ec fix: axios update to v0.21.1 (#640)
  • bf4a89a Update .travis.yml
  • c270737 Update .travis.yml
  • ae96ebe Release 3.54.1
  • 58e69a6 [Librarian] Regenerated @ 15a74dddee9e2bba5fb0d673b5288e65d4ab3201
  • 1cb33f1 Release 3.54.0
  • aab9558 [Librarian] Regenerated @ 28cbb7d771677c50c64003cc2c5afc660ccc6fa3
  • a39b111 Release 3.53.0
  • 221fba8 [Librarian] Regenerated @ 0604d0d9a213f39954083b366c3fc667d22d702e
  • afec144 Release 3.52.0
  • 42ee8d3 [Librarian] Regenerated @ 146e53875c8c04da5a6c73f65aa5011ad65b2dfd
  • 4f2b4f9 chore: Move @ types dependencies to peerDependencies (#630)
  • 5289971 Release 3.51.0
  • 021203d [Librarian] Regenerated @ 551da0c03315c2791ce53816c329fd1fb37f471f
  • 528fc25 fix: X-Twilio-Signature validation when URL query parameters contain @ or : (#621)
  • 90f4c46 chore: update badge
  • a128488 feat: add regional twr header in the access token (#623)
  • 5a10bfd fix: remove request auth headers from debug logging (#622)
  • d1157f2 chore: pin jasmine for compatibility with older node versions (#625)
  • 0d5ff50 chore: update template files

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twilio-product-security @snyk-bot