Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @parse/push-adapter from 4.1.2 to 5.1.0 #26

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade @parse/push-adapter from 4.1.2 to 5.1.0 #26

wants to merge 1 commit into from

Conversation

pradyum07
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @parse/push-adapter The new version differs by 26 commits.
  • b8cdf28 chore(release): 5.1.0 [skip ci]
  • be40b1d feat: Send Android push notifications to Firebase Cloud Messaging API (HTTP v1) by setting the push adapter option `firebaseServiceAccount` (#222)
  • 5536102 refactor: Upgrade npmlog from 4.1.2 to 7.0.1 (#228)
  • 0197d39 chore(release): 5.0.2 [skip ci]
  • 089149b fix: Security upgrade semver-regex from 3.1.3 to 3.1.4 (#210)
  • 7512294 chore(release): 5.0.1 [skip ci]
  • 7fe2446 fix: Security upgrade qs from 6.5.2 to 6.5.3 (#215)
  • 888ddba chore(release): 5.0.0 [skip ci]
  • 615e730 feat: Upgrade to node-apn 6.0.1, parse 4.2.0 (#227)
  • 94e507f chore(release): 4.2.5 [skip ci]
  • 83ca68f fix: Security upgrade json-schema and jsprim (#226)
  • 3da4fca chore(release): 4.2.4 [skip ci]
  • afdb28e fix: Security upgrade @ babel/traverse from 7.17.3 to 7.23.2 (#225)
  • f7784dc chore(release): 4.2.3 [skip ci]
  • 16863c0 fix: Security upgrade decode-uri-component from 0.2.0 to 0.2.2 (#214)
  • 0c9c4ac chore(release): 4.2.2 [skip ci]
  • ba48dd6 fix: Security upgrade http-cache-semantics from 4.1.0 to 4.1.1 (#216)
  • e4374ac ci: Add Node versions to test (#224)
  • 01efbe2 chore(release): 4.2.1 [skip ci]
  • cdcd186 docs: Minor refactor in README (#223)
  • 7aaab38 fix: Upgrade @ parse/node-apn from 5.2.1 to 5.2.3 (#221)
  • fdf59e7 chore(release): 4.2.0 [skip ci]
  • 3b932d1 feat: Upgrade @ parse/node-apn from 5.1.3 to 5.2.1 (#220)
  • ac13329 chore(release): 4.1.3 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pradyum07 @snyk-bot