Skip to content

[Snyk] Security upgrade aegir from 14.0.0 to 21.9.0 #155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: CircleCI-v2
Choose a base branch
from
Open

[Snyk] Security upgrade aegir from 14.0.0 to 21.9.0 #155

wants to merge 1 commit into from

Conversation

adamlaska
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/circuit-relaying/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
critical severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8		 Improper Input Validation
SNYK-JS-SOCKETIOPARSER-3091012		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: aegir The new version differs by 250 commits.
  • cf7feea chore: release version v21.9.0
  • c265e7b chore: update contributors
  • bf81ee2 fix: add test to dependency check
  • d0371f6 chore: update deps
  • 64f16db feat: improve errors and dep check cmd
  • 9a2ad2c fix: remove karma junit
  • cefd014 fix: remove unused util
  • 84db276 chore: use the defaults for test loading
  • e229a66 feat: bump karma to 5.0.1
  • b1f80fd feat: bump extract-zip to 2.0.0
  • a2e9bdd chore: bump fs-extra to 9.0.0
  • 1fc810a chore: bump package-json-lint to 5.0.0
  • ce9d06a chore: bump chalk to 4.0.0
  • 9fef3e5 chore: update deps
  • cacb7af fix: bump electron to 8.2.2
  • e1e3161 chore: release version v21.8.1
  • 77d3a54 chore: update contributors
  • 1e90b5c fix: fix undefined hook return
  • 462fc86 chore: release version v21.8.0
  • bc8bf24 chore: update contributors
  • ee90e20 feat: forward env to webpack
  • 8b2498d chore: release version v21.7.0
  • b7a170e chore: update contributors
  • 4fc3220 feat: add download endpoint to echo server

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

@google-cla
Copy link

google-cla bot commented Nov 15, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamlaska @snyk-bot