[Snyk] Security upgrade newman from 4.5.7 to 5.2.4 #273

Open
wants to merge 1 commit into
base: develop

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000. Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SANITIZEHTML-2957526 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: newman

The new version differs by 250 commits.
  • 62dbd15 Merge branch 'release/5.2.4'
  • 1052ecf Release v5.2.4
  • 0493253 Update dependencies
  • d94055c Merge branch 'release/5.2.3' into develop
  • ba2b4df Merge branch 'release/5.2.3'
  • c5aab0c Release v5.2.3
  • c597871 Update dependencies
  • 811d2d1 Merge pull request #2721 from Suhas-Gaikwad/patch-1
  • dcc5b9b Create SECURITY.md
  • 2a57036 Merge pull request #2692 from postmanlabs/dependabot/npm_and_yarn/postman-runtime-7.27.0
  • a02f666 Chore(deps): bump postman-runtime from 7.26.10 to 7.27.0
  • bc8dbe9 Merge pull request #2683 from postmanlabs/dependabot/npm_and_yarn/postman-collection-3.6.10
  • d8565e0 Merge pull request #2684 from postmanlabs/dependabot/npm_and_yarn/sinon-10.0.0
  • d16d0d4 Chore(deps): bump postman-collection from 3.6.9 to 3.6.10
  • 6651ad9 Merge pull request #2689 from postmanlabs/dependabot/npm_and_yarn/y18n-4.0.1
  • aa7785f Merge pull request #2693 from postmanlabs/dependabot/npm_and_yarn/semver-7.3.5
  • 57bc14a Merge pull request #2686 from postmanlabs/dependabot/npm_and_yarn/commander-7.2.0
  • 5a6cb9c Merge branch 'develop' into dependabot/npm_and_yarn/sinon-10.0.0
  • 760475c Merge pull request #2682 from postmanlabs/dependabot/npm_and_yarn/postman-request-2.88.1-postman.29
  • c814e15 Chore(deps): bump semver from 7.3.4 to 7.3.5
  • 3de8d0e Merge branch 'develop' into dependabot/npm_and_yarn/y18n-4.0.1
  • cfb1227 Merge pull request #2685 from postmanlabs/dependabot/npm_and_yarn/eslint-7.23.0
  • 6871d37 Merge pull request #2687 from postmanlabs/dependabot/npm_and_yarn/jsdoc-to-markdown-7.0.1
  • be037ab Merge branch 'develop' into dependabot/npm_and_yarn/postman-request-2.88.1-postman.29

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
