[Snyk] Fix for 4 vulnerabilities #10

snyk-bot · Jul 13, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
539/1000 Why? Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	Yes	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	Yes	No Known Exploit
684/1000 Why? Has a fix available, CVSS 9.4	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	Yes	No Known Exploit
596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: postman-collection

The new version differs by 203 commits.

0e637dc Merge branch 'release/4.0.0' into main
242bc6c Release v4.0.0
80b1af0 Merge pull request CSV delimiter fix postmanlabs/newman#1202 from postmanlabs/feature/v4-chores
4a31f9d Ignore code coverage for btoa for Node v16
0f89948 Update CHANGELOG
45cc242 Update TS declaration
eb0a62f Update build-types script
06a0df4 Update package.json
8006073 Update code coverage target to 100%
c79f05b Add tests for uncover lines and branches
8967d04 Cleanup code
3f8d9d7 Fix serialization of cookie extensions on .toString()
0e5a7ca Ignore code coverage for unreachable paths
05f4f8c Drop support for Node < 10
e2f7066 Update .editorconfig and .gitattributes
a75f24c Update dependencies
85240ec Update unit test script
8123652 Update npm scripts
f18c434 Update system test
aa92833 Remove puppeteer dependency
41e343f Remove wiki build script
02a6f63 Remove collection schema
ef4f827 Fix lint
d6699b0 Update eslint rules

See the full diff

Package name: postman-runtime

The new version differs by 213 commits.

1695db1 Merge branch 'release/7.28.2'
3aace65 Release v7.28.2
3d23d2f Update dependencies
e6f8635 Fix cookies test
0740884 Merge pull request Update eslint to the latest version 🚀 postmanlabs/newman#1161 from postmanlabs/feature/redirect-cookies
e6af515 Update CHANGELOG
907b007 Add test for cookies list on redirect
f326d5c Add /redirect-to path to fixture http server
348bd2f Fetch cookies for the final request sent
9f1da12 Merge branch 'release/7.28.1' into develop
a3304a0 Merge branch 'release/7.28.1'
57b70b4 Release v7.28.1
f45cdfb Update CHANGELOG
7ee6e8c Merge pull request Update js-yaml to the latest version 🚀 postmanlabs/newman#1153 from postmanlabs/dependabot/npm_and_yarn/httpntlm-1.7.7
b7db0ee Merge branch 'develop' into dependabot/npm_and_yarn/httpntlm-1.7.7
e05ab44 Merge pull request Issue while publishing Newman html report in Jenkins postmanlabs/newman#1151 from postmanlabs/dependabot/npm_and_yarn/hosted-git-info-2.8.9
9bc92ce Merge pull request Update mocha to the latest version 🚀 postmanlabs/newman#1155 from postmanlabs/dependabot/npm_and_yarn/jsdoc-3.6.7
b2a9ce6 Merge pull request Json script error in different API's while running postman collection in newman postmanlabs/newman#1147 from postmanlabs/dependabot/npm_and_yarn/terser-5.7.0
5e5a1dd Fix OAuth1.0a Incorrect Signature for URL Encoded Params (Update eslint to the latest version 🚀 postmanlabs/newman#1158)
f8adbf4 Bump jsdoc from 3.6.6 to 3.6.7
e378bb5 Bump httpntlm from 1.7.6 to 1.7.7
aff453f Bump terser from 5.6.1 to 5.7.0
6465e26 Bump hosted-git-info from 2.8.8 to 2.8.9
ff10105 Merge pull request Update eslint-plugin-jsdoc to the latest version 🚀 postmanlabs/newman#1149 from MikeRalphson/MikeRalphson-patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780 - https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786 - https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 4 vulnerabilities #10

[Snyk] Fix for 4 vulnerabilities #10

Uh oh!

snyk-bot commented Jul 13, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Search code, repositories, users, issues, pull requests...

[Snyk] Fix for 4 vulnerabilities #10

Are you sure you want to change the base?

[Snyk] Fix for 4 vulnerabilities #10

Uh oh!

Conversation

snyk-bot commented Jul 13, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant