[Snyk] Security upgrade @pyroscope/nodejs from 0.2.6 to 0.2.9

[sandeepdsvs]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @pyroscope/nodejs

The new version differs by 19 commits.

• 9162a2f Upgrade pprof-nodejs (Dest branch refactor #59)
• 1233f5f chore: version patch 0.2.9 (Kochava track event support #58)
• 670d780 chore(deps): bump axios from 0.26.1 to 0.28.0 (keen integration #57)
• e5d1349 chore(deps): Use axios v0.28.0 (Develop #56)
• b14fd00 chore(deps): bump semver and @ commitlint/cli (Dest autopilot #51)
• 132e895 chore(deps): Update required min nodejs version to v18 (Dest branch #55)
• 7dbae7c chore(deps-dev): bump @ babel/traverse from 7.15.4 to 7.23.9 (Feature azure blobstorage #49)
• 5cc8f1e chore(deps): bump minimatch from 3.0.4 to 3.1.2 (Updated test case and results #48)
• da3f7fa chore(deps-dev): bump json5 from 2.2.0 to 2.2.3 (Bigquery #52)
• 83a7bd4 chore(deps-dev): bump webpack from 5.52.1 to 5.76.0 (minio support for destination #53)
• 5a4f67e chore(deps-dev): bump tough-cookie from 4.0.0 to 4.1.3 (Cherrypicked commits of destination 'Branch' #54)
• beb3505 chore(deps): bump follow-redirects from 1.14.9 to 1.15.5 (changes in keys #47)
• 2a46fda chore(deps-dev): bump semver from 5.7.1 to 5.7.2 (GA fixes #46)
• c867613 chore(deps): bump protobufjs from 6.11.2 to 6.11.4 (Return back metadata with each transformed event #45)
• b31e385 Update README.md (update tests #44)
• 62dbb83 chore: version patch 0.2.8 (Torpedo production after sync with master #43)
• 30727ff fix: enable typescript declarations (Separate out custom transformation #42)
• 3664b49 chore: Update package.json project metadata (Separate out custom transformation #41)
• 4244d1d Fixing require/import statements in examples (Mailchimp as destination #34)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

[devops-github-rudderstack]

Test report for this run is available at: https://test-integrations-dev.s3.amazonaws.com/integrations-test-reports/rudder-transformer/3205/test-report.html

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.71%. Comparing base (46e5797) to head (158133e).
Report is 102 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3205      +/-   ##
===========================================
+ Coverage    87.70%   87.71%   +0.01%     
===========================================
  Files          550      550              
  Lines        29585    29616      +31     
  Branches      7056     7061       +5     
===========================================
+ Hits         25947    25978      +31     
- Misses        3302     3330      +28     
+ Partials       336      308      -28     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[devops-github-rudderstack]

This PR is considered to be stale. It has been open for 20 days with no further activity thus it is going to be closed in 7 days. To avoid such a case please consider removing the stale label manually or add a comment to the PR.

[devops-github-rudderstack]

This PR is considered to be stale. It has been open for 20 days with no further activity thus it is going to be closed in 7 days. To avoid such a case please consider removing the stale label manually or add a comment to the PR.