Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @twilio-labs/serverless-api from 5.2.1 to 5.4.3 #43

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade @twilio-labs/serverless-api from 5.2.1 to 5.4.3 #43

wants to merge 2 commits into from

Conversation

twilio-product-security
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-FILETYPE-2958042		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @twilio-labs/serverless-api The new version differs by 58 commits.
  • e8fcd87 chore(release): publish %s
  • a2eb6d4 chore: remove Node 12 from Actions flow
  • 3b5d673 chore(serverless-api): turn off typedoc for now
  • 63b1319 test(serverless-api): temporarily turn off tests that use file-type
  • d6e1b42 chore(serverless-api): upgrade typescript version
  • 58cebe3 fix(twilio-run): replace listr and fix got usage
  • 970ebbd fix(serverless-api): change file-type package usage
  • b474072 chore(serverless-api): update got & file-type
  • 091b550 chore(twilio-run): update got version
  • 4cec2af chore(runtime-handler): update default twilio to 3.80.0
  • e793c65 chore: override @ types/prettier to fix build
  • fe6335d chore(release): publish %s
  • c96619a chore(release): publish %s
  • 14c33f0 chore: update node warning to 14 when running locally
  • 14cc9cf chore: two other mentions of node 12
  • e03e9b2 chore: updates default node version and messages about deploys
  • 33ca348 chore: update publish script/command
  • fe64e01 chore(release): publish %s
  • dd38dcf chore: highlight breaking Twilio CLI change
  • 38edf42 fix(twilio-run): corrects types
  • 024cad1 fix(runtime-handler): corrects types
  • 8a1c335 chore(plugin-serverless): updates @ twilio/cli-core to 6.0.0
  • c0bd842 chore(plugin-asssets): updates @ twilio/cli-core to 6.0.0
  • 3727708 chore(release): publish %s

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twilio-product-security @snyk-bot