New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade vimeo from 2.1.1 to 2.3.1 #12

Open

renie wants to merge 1 commit into master from snyk-fix-6cbe846af42f66c34756c41b3fa2b83c

Owner

renie commented Feb 8, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: vimeo

The new version differs by 20 commits.

8b34dcf Merge pull request #165 from vimeo/updates-package
16417ec updates packages.json
20539e3 updates package version
46a4368 Merge pull request #164 from vimeo/update-doc
4ecb120 updates the doc to include parameter
7d0d2c9 Merge pull request #163 from vimeo/supports-text-plain
616553b supports text plain content type
4491648 Merge pull request #155 from karlhorky/patch-1
6a4bd7c Return error to callback
343276a Merge pull request #154 from vimeo/update-readme
2238979 updates readme
e12f430 Removing codecov reports until it's configured.
e5c72f0 Adding a Travis badge to the readme.
c0eaf71 Merge pull request #96 from quentinms/12-tests
c10a9f8 Add codecov to devDependencies
a5ee2a8 fix jsdoc
323092b Add whitespace between test cases
6ad28fd fix `scope` documentation
5adc436 Add lib/vimeo.js tests
1bab55a Fixing a small typo in the changelog file.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Improper Input Validation


          fix: package.json & package-lock.json to reduce vulnerabilities

1eee8ca

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-URLPARSE-1533425
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2401205
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407759
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2412697

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet