Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade a2r from 2.7.0 to 2.8.7 #47

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade a2r from 2.7.0 to 2.8.7 #47

wants to merge 1 commit into from

Conversation

miguelBinpar
Copy link
Collaborator

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1		 Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: a2r The new version differs by 16 commits.
  • 8233ba1 fix in method wrapper header
  • 28f6a19 fix in user model (roles)
  • 6c97c22 chore: audit fix and packages updated
  • 7218d3d version bump
  • 340bc28 adding CLUSTER_URL on internal petitions, and also hostname in a2rhost header
  • 664c476 method wrapper fix CU-1mmn9jx
  • 8548134 Now server listens to changes in utils, tools and additional customizable folders CU-b8yn3j
  • 672d66e Merge branch 'release/v2.7.3' into develop
  • a423b39 version update to v2.7.3
  • 6e0e208 added missing import to api proxy
  • d094058 Merge branch 'release/v2.7.2' into develop
  • 37ede51 version updated to v2.7.2
  • fb11051 fixed socket provider
  • 5b96ae3 Merge branch 'release/v2.7.1' into develop
  • ec57a6a version updated to v2.7.1
  • d0859e9 check server framework fixed

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

@miguelBinpar
Copy link
Collaborator Author

Task linked: CU-1mmn9jx Fix en method wrapper

@miguelBinpar
Copy link
Collaborator Author

Task linked: CU-b8yn3j Escuchar cambios en server fuera de api y model

1 similar comment
@miguelBinpar
Copy link
Collaborator Author

Task linked: CU-b8yn3j Escuchar cambios en server fuera de api y model

@miguelBinpar
Copy link
Collaborator Author

Task linked: CU-1mmn9jx Fix en method wrapper

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@miguelBinpar @snyk-bot