Skip to content

[Snyk] Security upgrade koa from 1.7.0 to 2.0.0#12

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-d69ac837e7b473f9b9a48cad79f04c6a
Open

[Snyk] Security upgrade koa from 1.7.0 to 2.0.0#12
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-d69ac837e7b473f9b9a48cad79f04c6a

Conversation

@snyk-bot
Copy link
Copy Markdown

@snyk-bot snyk-bot commented Jan 10, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: koa The new version differs by 118 commits.
  • 3595ef5 2.0.0
  • bd3d9e5 Merge pull request #690 from PlasmaPower/patch-1
  • efcdd3b Docs: v2 error handling is environment independent
  • 2b094eb docs: update history and docs for v2
  • daf688b Merge pull request #683 from fl0w/v2.x
  • 0ac4ff0 Convert generator-mw with deprecation warning
  • a1aec3d Merge pull request #686 from robinpokorny/lint-js-in-markdown
  • 340dd4f Lint JavaScript in Markdown
  • 39f058e fix cookies' secure detect
  • bcada5b readme: update URLs based on HTTP redirects
  • 9ba2f9c Merge pull request #681 from PlasmaPower/update-error-handling-doc
  • 1d1698e Update error handling doc to use promises+async
  • 882ea7e Merge pull request #678 from PlasmaPower/cherrypick-to-next
  • 04a7122 lint: benchmarks/
  • 2df468b Merge pull request #679 from PlasmaPower/remove-unused-http
  • 5517158 travis: run lint
  • 597638d Remove unused http variable
  • a440425 Add support for headers in errors
  • 3d15c24 JSDoc question/suggestion on optional parameters
  • d768ed8 docs: note stream error handling and destruction. ref: #612
  • 86a6f2b add CODE_OF_CONDUCT.md
  • a808671 add app.silent, err.status, err.expose to doc, fixes #630
  • 53a165f chore(license): update license year to 2016
  • d74802d Standardizes instances of removeHeader to remove

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: package.json to reduce vulnerabilities
397b0f8 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot