
[Snyk] Security upgrade acme-client from 5.0.0 to 5.1.0 #80

Open
shcorya wants to merge 1 commit into `main` from `snyk-fix-d747609ddb85d75827475e024d8104ee`

@shcorya (Contributor) commented Jan 21, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 676/1000<br>Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF)<br>SNYK-JS-AXIOS-6032459 | No | Proof of Concept |
| medium severity | 586/1000<br>Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-AXIOS-6124857 | No | Proof of Concept |
| high severity | 661/1000<br>Why? Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution<br>SNYK-JS-AXIOS-6144788 | No | No Known Exploit |
| high severity | 768/1000<br>Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Observable Discrepancy<br>SNYK-JS-JSRSASIGN-6070731 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: acme-client

The new version differs by 9 commits.
  • 69223b7 Bump v5.1.0
  • 6d5b21d Bump dep axios@1.6.5
  • 1b9493d Bump dep jsrsasign@11.0.0
  • 6cf3167 Bump dev deps, typo in editorconfig
  • cc2d156 Replace uuid devdep with crypto.randomUUID
  • ec55c40 LICENSE, docs formatting, remove upgrade notice
  • 485e6d2 Fix package.json typo
  • b00238b Replace deprecated dtslint with tsd, bump types
  • 9452105 Add Node v20 to matrix, bump misc CI stuff

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution


2 participants