Skip to content
This repository has been archived by the owner on Apr 18, 2024. It is now read-only.

[Snyk] Security upgrade @requestly/requestly-proxy from 1.0.0 to 1.2.1 #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @requestly/requestly-proxy from 1.0.0 to 1.2.1 #15

wants to merge 1 commit into from

Conversation

sagarsoni7
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • app/package.json
    • app/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @requestly/requestly-proxy The new version differs by 77 commits.
  • f7bc202 fix: vulnerable dependency versions (#37)
  • cd5c694 fix: upgrade ws from 8.5.0 to 8.16.0 (#30)
  • 76bcedf fix: upgrade ua-parser-js from 1.0.33 to 1.0.37 (#32)
  • 2c36b80 fix: upgrade url from 0.11.0 to 0.11.3 (#33)
  • d026b50 fix: upgrade axios from 0.26.1 to 0.28.0 (#31)
  • f2110e4 fix: upgrade async from 3.2.3 to 3.2.5 (#34)
  • bb335ce Merge pull request #29 from requestly/RQ-1100-add-ca-regeneration-callback
  • 4726257 chore: version bump to v1.2.0
  • dba7745 feat: ProxyConfig now also takes optional paramter onCARegenerated to register callbacks for RootCA regeneration
  • 0581333 chore: version bump to v1.1.24
  • 011e2c7 chore: pass original status code to modify response function args (#28)
  • eb18c99 fixes: (#27)
  • 48981df chore: Version bump v1.1.23
  • 5b7e57c fix: connection establishment for secure web sockets (#26)
  • ae8d3ed chore: bump version to v1.1.22
  • ba3aa6d fix: parse response body for all intercepted requests (#25)
  • 5f1a758 chore: bump version to 1.1.21
  • 099ffd3 chore: bump version to 1.1.20 and update dist
  • f1473b0 [RQ-637] fix: allow static response modification for all content-type (#22)
  • 086d894 fix: request query params in log har object (#20)
  • 01cf063 chore: version bump v1.1.19
  • 72e4ffa chore: add application/manifest+json as intercepted content type (#19)
  • 2b4f6c3 chore: removed utils import from @ requestly/requestly-core and bump @ requestly/requestly-core to 1.0.3
  • e8904df chore: Version bump v1.1.18

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sagarsoni7 @snyk-bot