Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade egg from 2.37.0 to 3.23.0 #193

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

atian25
Copy link
Member

@atian25 atian25 commented May 8, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: egg The new version differs by 161 commits.
  • d68ab6a Release 3.23.0
  • 9bf5f22 feat: use utility@2 (#5312)
  • ad1591b Release 3.22.0
  • a6ebe0f feat: app.httpClient alias to app.httpclient (#5304)
  • 23866ad test: add some missing unit tests for 'convertObject' (#5303)
  • abd1490 Release 3.21.0
  • 794d7f3 feat: tiny improvements for "convertValue" (#5302)
  • 84b162f docs: Fixed asynchronous error in NewsService list method by adding 'async' and 'await' (#5301)
  • 9957b9c Release 3.20.0
  • 61cd51d feat: urllib-next alias to npm:urllib (#5299)
  • 20702ad chore(site): add link of artus.js (#5298)
  • c5e53b8 doc: add revert doc (#5296)
  • 15fb67b docs: add missing paramter to meet the explaination (#5293)
  • 1a3c3eb Release 3.19.0
  • 77b5249 docs: modify the docs to make them better (#5292)
  • d771fdf chore: use actions/checkout@v4 (#5291)
  • d73046b feat: 优化中文文档表达 (#5290)
  • af2e543 Release 3.18.0
  • 1fd79a2 feat: auto set custom logger with onelogger (#5287)
  • 4471807 docs: Create SECURITY.md (#5252)
  • 1e29b79 Release 3.17.7
  • 4c24dac fix: omit koa application ctxStorage and currentContext define (#5285)
  • fcf3b73 Release 3.17.6
  • 17ee60b fix: typo on index.d.ts (#5284)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants