[Snyk] Security upgrade ddp from 0.11.0 to 0.12.0 #21999

snyk-bot · 2021-05-10T13:23:17Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- private/node_scripts/unsubscribe_csv/package.json
- private/node_scripts/unsubscribe_csv/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Issue	Breaking Change	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
Timing Attack npm:http-signature:20150122	No	No Known Exploit
Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
Remote Memory Exposure npm:request:20160119	No	No Known Exploit

Commit messages

Package name: ddp

The new version differs by 9 commits.

b5a6932 Update README
d221554 Prepare for 0.12.0 release.
6a37c0e Merge pull request Remove flexbar in Home screen (click on Rocket.Chat logo) #72 from rclai/patch-1
3f51599 Merge pull request Turn "LOAD MORE" automatic when it comes into view, with loader. #73 from cfnelson/master
38e97b8 Merge pull request Page to configure many things of the chat, like external login services, SMTP address, etc. #78 from mayvn10/master
60e2540 0.11.0
3c3a80e 0.11.0 faye dependency
01298a3 Added try/catch for uncaught JSON parse error.
5fe08ff Fix adding changed handler on observer creator

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution npm:hoek:20180212	No Known Exploit
	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…_scripts/unsubscribe_csv/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:request:20160119 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:tunnel-agent:20170305

CLAassistant · 2021-12-17T14:07:02Z

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

debdutdeb added the communityPR label Dec 16, 2021

ggazzo closed this Jul 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade ddp from 0.11.0 to 0.12.0 #21999

[Snyk] Security upgrade ddp from 0.11.0 to 0.12.0 #21999

snyk-bot commented May 10, 2021

CLAassistant commented Dec 17, 2021 •

edited

Loading

[Snyk] Security upgrade ddp from 0.11.0 to 0.12.0 #21999

[Snyk] Security upgrade ddp from 0.11.0 to 0.12.0 #21999

Conversation

snyk-bot commented May 10, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

With a Snyk patch:

CLAassistant commented Dec 17, 2021 • edited Loading

CLAassistant commented Dec 17, 2021 •

edited

Loading