This repository was archived by the owner on Jun 5, 2024. It is now read-only.

[Snyk] Security upgrade newrelic from 10.3.1 to 10.3.2 #193

Merged
merged 1 commit into from
Jun 28, 2023

nr-security-github

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: newrelic
The new version differs by 8 commits.
  • eb1f840 chore: release v10.3.2 (#1701)
  • 4376584 security(deps): bump fast-xml-parser and @aws-sdk/client-lambda (#1697)
  • b4a4948 chore(test): Fixed tap end/autoend calls in trace unit test (#1700)
  • 254c9c0 chore(test): Added t.end() to trace unit test (#1698)
  • 44b17ab chore(test): convert error-trace-aggregator.test.js to tap-style (#1690)
  • 0f957bd chore(deps): Updated security agent to v0.1.3 (#1696)
  • 727c17f chore(test): convert trace unit test to tap style (#1692)
  • 8d9b176 fix(prisma): check for query args in string property (#1684)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)


codecov bot commented Jun 27, 2023

Codecov Report

Merging #193 (e6f4ca2) into main (cee094e) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #193   +/-   ##
=======================================
  Coverage   95.66%   95.66%           
=======================================
  Files          15       15           
  Lines         946      946           
=======================================
  Hits          905      905           
  Misses         41       41           
| Flag | Coverage Δ |
| --- | --- |
| unit-tests-14.x | 3.91% <ø> (ø) |
| unit-tests-16.x | 3.91% <ø> (ø) |
| unit-tests-18.x | 3.91% <ø> (ø) |
| versioned-tests-14.x | 95.66% <ø> (ø) |
| versioned-tests-16.x | 95.66% <ø> (ø) |
| versioned-tests-18.x | 95.66% <ø> (ø) |

Flags with carried forward coverage won't be shown. Click here to find out more.


bizob2828 added the dev:deps (Indicates updates to only dev deps) label on Jun 27, 2023
bizob2828 merged commit 55ac220 into main on Jun 28, 2023
bizob2828 deleted the snyk-fix-994ccda55aafe1c34296f32e8ad79db7 branch on June 28, 2023 17:24
This was referenced Jun 30, 2023
3 participants