[Snyk] Security upgrade kafka-node from 0.5.9 to 2.1.0 #480

Open: wants to merge 1 commit into base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: kafka-node
The new version differs by 108 commits.
  • fabfc80 Bump version and update changelog (#733)
  • 0e68220 Consumer streams (#732)
  • 60e5e11 Add support for Producer API V1 and V2 (#730)
  • e20325e Upgrade to async 2 (#729)
  • 5271896 Api versions support (#726)
  • 2114683 use defaultDeep instead of default to merge retryOptions (#722)
  • 415c7b8 Allow broker to disconnect clients for being idle (#718)
  • d23e14b Fix doc for HLC addTopics method resolves #713 (#714)
  • ae57834 2.0.1 (#710)
  • 3fecae2 Fix issue in Client where this should be self (#708)
  • b483e5c 2.0.0 (#705)
  • 9c81c41 Fix message key payload and encoding/decoding (#704)
  • d7c6c25 Fix issue where KafkaClient ready flag was not set to true after successful connection (#701)
  • 14b65e6 Improve test stability (#698)
  • bcfb08d fix typos (#697)
  • 27ad9f1 Connect directly to kafka brokers using new client closes #666 (#691)
  • 2012edb Add support for other versions of kafka to test against (#694)
  • 100dfe1 Simplify CI script (#692)
  • 79e4a58 Run test under node 8 (#682)
  • 7be0e1c Update eslint deps (#679)
  • c129aca Add test to verify autoCommit off works to close #648 (#674)
  • bf1f04e Fix out of range error (#672)
  • a043b97 1.6.2 (#671)
  • b77c199 Fix #669 by revert bl change (#670)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
