
[Snyk] Security upgrade azure-storage from 2.10.3 to 2.10.6 #31

Status: Open. snyk-bot wants to merge 1 commit into base branch master.

Conversation

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090600 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: azure-storage
The new version differs by 42 commits.
  • ad8472f Merge pull request #702 from EmmaZhu/master
  • ddc7e8b Upgrade json-schema to 0.4.0. Fixed an issue where customized retry interval doesn't take effect.
  • 7a42c7b Merge pull request #699 from Azure/dependabot/npm_and_yarn/validator-13.7.0
  • 5c5f836 Bump validator from 13.6.0 to 13.7.0
  • c422631 Merge pull request #695 from EmmaZhu/validator
  • cf37807 Update package version to 2.10.5
  • 35676b4 Upgrade validator 13.6.0.
  • c2656be Merge pull request #684 from Azure/dependabot/npm_and_yarn/lodash-4.17.21
  • d813bde Merge pull request #690 from Azure/dependabot/npm_and_yarn/postcss-7.0.36
  • 58c92d1 Bump lodash from 4.17.19 to 4.17.21
  • b120cd5 Merge pull request #692 from Azure/dependabot/npm_and_yarn/path-parse-1.0.7
  • 0036af3 Merge pull request #682 from Azure/dependabot/npm_and_yarn/handlebars-4.7.7
  • 92dac84 Merge pull request #681 from Azure/dependabot/npm_and_yarn/grunt-1.3.0
  • 9efb7bc Merge pull request #674 from Azure/dependabot/npm_and_yarn/elliptic-6.5.4
  • ca9449c Bump ini from 1.3.5 to 1.3.8
  • 4896fce Bump path-parse from 1.0.6 to 1.0.7
  • b64a539 Update readme with links to the new Tables SDK (#689)
  • d77d825 Bump postcss from 7.0.32 to 7.0.36
  • bb8550b Fix test issues which are caused by short expiry time
  • 9c9e1ef Upgrade version to 2.10.4
  • 18e0ad2 Bump handlebars from 4.7.6 to 4.7.7
  • 96c97e4 Bump grunt from 1.2.1 to 1.3.0
  • 126bbf6 Update underscore to 1.12.1 (#677)
  • c1af3fa Bump elliptic from 6.5.3 to 6.5.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
@ctm8788

ctm8788 commented Mar 14, 2022

@mike-goodwin can you review and approve this request?
