[Snyk] Security upgrade box-node-sdk from 1.29.0 to 3.3.0#38

Open
naokikimura wants to merge 1 commit into master from snyk-fix-b36a266a90fb1685540ac537bf2ba96e

Conversation

@naokikimura
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 619/1000. Why? Has a fix available, CVSS 8.1 | Prototype Pollution, SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| high severity | 644/1000. Why? Has a fix available, CVSS 8.6 | Prototype Pollution, SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning, SNYK-JS-QS-3153490 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: box-node-sdk The new version differs by 250 commits.
  • 5f49464 chore: release 3.3.0 (#862)
  • f117abc chore: Bump @babel/traverse from 7.22.20 to 7.23.2 (#859)
  • fd5d59a chore: Remove `npm-upgrade` (#861)
  • d365ae8 feat: Replace `request` library with `@cypress/request` (#860)
  • 55f22fe fix: mark auth funs callbacks as optional (#858)
  • 7f130c2 chore: release 3.2.1 (#856)
  • 031358c chore: Bump jsonwebtoken to version 9.0.2 (#853)
  • 99df873 fix: Overrides tough-cookie dependency (#852)
  • 527b32f chore: release 3.2.0 (#850)
  • 18d3413 feat: Support sign template (#848)
  • e156e9c docs: Update FIPS compliance document (#847)
  • 7a098ca chore: release 3.1.1 (#846)
  • 113f976 chore: Bump word-wrap from 1.2.3 to 1.2.4 (#844)
  • 3f89f83 chore: Bump `proxy-agent` to version 6.3.0 (#845)
  • 9b05f48 chore: Update packages to make FIPS compliance (#841)
  • bdcc0ba docs: Fix typo in README.md (#842)
  • 5c04c94 chore: Bump semver from 5.7.1 to 5.7.2 (#840)
  • 15956a2 docs: Update sign requests documentation (#838)
  • 9b9e2b1 chore: Update support versions label (#837)
  • 5ef8e7d chore: Support Node 18 and 20 (#836)
  • b8956fb chore: release 3.1.0 (#835)
  • a525327 feat: Added support for integration mappings API (#831)
  • f803ff8 fix: Correct types of `userId` and `groupId` for creating collaboration (#833)
  • 08b45eb chore: Bump uuid from 3.3.3 to 9.0.0 (#830)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
