[Snyk] Upgrade @octokit/rest from 16.43.2 to 19.0.7 #46

snyk-bot · 2023-02-11T02:41:41Z

Snyk has created this PR to upgrade @octokit/rest from 16.43.2 to 19.0.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 93 versions ahead of your current version.
The recommended version was released 21 days ago, on 2023-01-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASHSET-1320032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @octokit/rest

19.0.7 - 2023-01-21
19.0.7 (2023-01-21)

Bug Fixes
- deps: update dependency @ octokit/plugin-rest-endpoint-methods to v7 (#258) (22bf083)
19.0.6 - 2023-01-21
19.0.6 (2023-01-21)

Bug Fixes
- deps: update dependency @ octokit/plugin-paginate-rest to v6 (#257) (322d82b)
19.0.5 - 2022-10-13
19.0.5 (2022-10-13)

Bug Fixes
- deps: update @ octokit/plugin-paginate-rest to v5 (#220) (9debac2)
19.0.4 - 2022-08-15
19.0.4 (2022-08-15)

Bug Fixes
- deps: update dependency @ octokit/plugin-paginate-rest to v4 (#187) (4e18c8d)
19.0.3 - 2022-07-08
19.0.3 (2022-07-08)

Bug Fixes
- deps: update dependency @ octokit/plugin-paginate-rest to v3 (#161) (670f477)
19.0.2 - 2022-07-08
19.0.2 (2022-07-08)

Bug Fixes
- deps: update dependency @ octokit/plugin-rest-endpoint-methods to v6 (#162) (310c738)
19.0.1 - 2022-07-07
19.0.1 (2022-07-07)

Bug Fixes
- deps: update dependency @ octokit/core to v4 (#160) (0b8f202)
19.0.0 - 2022-07-07
19.0.0 (2022-07-07)

Continuous Integration
- stop testing against NodeJS v10, v12 (#157) (526eb2b)
BREAKING CHANGES
- Drop support for NodeJS v10, v12
18.12.0 - 2021-10-07
18.12.0 (2021-10-07)

Features
- .actions.downloadWorkflowRunAttemptLogs(), .actions.getWorkflowRunAttempt(), .repos.generateReleaseNotes(), .checks.rerequestRun(). Graduate nebula, zzzax, switcheroo, baptiste previews. Removes defunkt /repos/{owner}/{repo}/actions/runs/{run_id}/retry endpoint. Renames methods to have consistent AuthenticatedUser() suffix, deprecates previous method names (#125) (4daa9f3)
18.11.4 - 2021-09-30
18.11.4 (2021-09-30)

Bug Fixes
- removes defunkt endpoints: GET /repos/{owner}/{repo}/community/code_of_conduct, DELETE /reactions/{reaction_id}. encrypted_value and key_id parameters are required for .rest.actions.{createOrUpdateEnvironmentSecret,setSelectedReposForOrgSecret}(). access_token parameter is required for .rest.apps.deleteAuthorization(). Previews graduated: ant-man, flash, scarlet-witch, squirrel-girl (#122) (9c02e7d)
18.11.3 - 2021-09-30
18.11.2 - 2021-09-27
18.11.1 - 2021-09-24
18.11.0 - 2021-09-22
18.10.0 - 2021-08-31
18.9.1 - 2021-08-16
18.9.0 - 2021-08-03
18.8.0 - 2021-08-02
18.7.2 - 2021-07-30
18.7.1 - 2021-07-23
18.7.0 - 2021-07-21
18.6.8 - 2021-07-20
18.6.7 - 2021-07-04
18.6.6 - 2021-06-30
18.6.5 - 2021-06-30
18.6.4 - 2021-06-29
18.6.3 - 2021-06-26
18.6.2 - 2021-06-24
18.6.1 - 2021-06-23
18.6.0 - 2021-06-12
18.5.6 - 2021-06-01
18.5.6-beta.1 - 2021-06-01
18.5.5 - 2021-05-28
18.5.4 - 2021-05-27
18.5.3 - 2021-04-21
18.5.2 - 2021-03-27
18.5.1 - 2021-03-26
18.5.0 - 2021-03-26
18.4.0 - 2021-03-24
18.3.5 - 2021-03-08
18.3.4 - 2021-03-05
18.3.3 - 2021-03-05
18.3.2 - 2021-03-03
18.3.1 - 2021-03-01
18.3.0 - 2021-02-26
18.2.1 - 2021-02-24
18.2.0 - 2021-02-18
18.1.1 - 2021-02-13
18.1.0 - 2021-02-03
18.0.15 - 2021-01-25
18.0.14 - 2021-01-22
18.0.13 - 2021-01-22
18.0.12 - 2020-12-04
18.0.11 - 2020-12-03
18.0.10 - 2020-12-02
18.0.9 - 2020-11-02
18.0.8 - 2020-11-01
18.0.7 - 2020-10-30
18.0.6 - 2020-09-14
18.0.5 - 2020-09-04
18.0.4 - 2020-08-26
18.0.3 - 2020-07-24
18.0.2 - 2020-07-23
18.0.1 - 2020-07-16
18.0.0 - 2020-06-11
17.11.2 - 2020-06-11
17.11.1 - 2020-06-11
17.11.0 - 2020-06-07
17.10.0 - 2020-06-04
17.9.3 - 2020-06-03
17.9.2 - 2020-05-18
17.9.1 - 2020-05-17
17.9.0 - 2020-05-11
17.8.0 - 2020-05-06
17.7.0 - 2020-05-05
17.6.0 - 2020-04-24
17.5.2 - 2020-04-22
17.5.1 - 2020-04-20
17.5.0 - 2020-04-20
17.4.0 - 2020-04-19
17.3.0 - 2020-04-15
17.2.1 - 2020-04-12
17.2.0 - 2020-04-08
17.1.4 - 2020-03-26
17.1.3 - 2020-03-25
17.1.2 - 2020-03-24
17.1.1 - 2020-03-20
17.1.0 - 2020-03-11
17.0.1 - 2020-03-10
17.0.0 - 2020-02-19
17.0.0-beta.3 - 2020-02-07
17.0.0-beta.2 - 2020-02-04
17.0.0-beta.1 - 2020-02-03
16.43.2 - 2020-06-24

from @octokit/rest GitHub release notes

Commit messages

Package name: @octokit/rest

22bf083 fix(deps): update dependency @ octokit/plugin-rest-endpoint-methods to v7 (Feature/plugin/secretsmanager encrypted v2 aquasecurity/cloudsploit#258)
322d82b fix(deps): update dependency @ octokit/plugin-paginate-rest to v6 (Feature/plugin/s3 default encryption v2 aquasecurity/cloudsploit#257)
2fcacea build(deps): lock file maintenance (Feature/plugin/log retention rate v2 aquasecurity/cloudsploit#255)
198aefc chore(deps): update dependency prettier to v2.8.3
e22cea8 Default branch rename (Feature/plugin/ses validated domains aquasecurity/cloudsploit#253)
aa53e3e 🚧 Workflows have changed (Feature/plugin/es sensitive data aquasecurity/cloudsploit#252)
68ed368 build(deps): lock file maintenance
ffbb439 build(release.yml): set node-version to lts/*
4b01f52 chore(deps): update dependency semantic-release to v20 (Feature/plugin/ssm encrypted v2 aquasecurity/cloudsploit#249)
4f0326c chore(deps): update dependency prettier to v2.8.2
5141e23 build(deps): lock file maintenance (Feature/plugin/guard duty master aquasecurity/cloudsploit#247)
82cef79 🚧 Workflows have changed (Feature/plugin/ssm active all instances aquasecurity/cloudsploit#248)
936cdb2 build(deps): lock file maintenance (Feature/plugin/lambda log groups aquasecurity/cloudsploit#246)
b05b422 docs(throttling-documentation): update "onAbuseLimit" to "onSecondaryRateLimit" (fixing Azure AppService on get PythonVersion aquasecurity/cloudsploit#245)
3161b64 build(deps): lock file maintenance
6c3249c workflows(add_to_octokit_project): add `pull_request_target` event as a trigger (Unable to query storage buckets with default privileges aquasecurity/cloudsploit#243)
001e1ee Workflow linting fix (Security vulnerabilities in Google Kubernetes Cluster. aquasecurity/cloudsploit#242)
7286b5e build(deps): lock file maintenance (skipRegions parameter in collectors or engine.js is not taking effect aquasecurity/cloudsploit#241)
9809ecd chore(deps): update dependency prettier to v2.8.1 (Missing required parameters: project aquasecurity/cloudsploit#239)
ecca3c0 [Maint] Updates action for the project for workflows
89ccf80 build(deps): lock file maintenance
bc8889a build(deps): lock file maintenance (Configure via GOOGLE_APPLICATION_CREDENTIALS aquasecurity/cloudsploit#237)
cc49b80 build(deps): lock file maintenance (Parsing GCP Collector for App Engine Support aquasecurity/cloudsploit#236)
4aef4dd chore(deps): update dependency prettier to v2.8.0

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @octokit/rest from 16.43.2 to 19.0.7. See this package in npm: https://www.npmjs.com/package/@octokit/rest See this project in Snyk: https://app.snyk.io/org/ekmixon/project/a50a9592-0b85-48c9-9301-0888580e6c10?utm_source=github&utm_medium=referral&page=upgrade-pr

secure-code-warrior-for-github · 2023-02-11T02:41:45Z

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @octokit/rest from 16.43.2 to 19.0.7 #46

[Snyk] Upgrade @octokit/rest from 16.43.2 to 19.0.7 #46

snyk-bot commented Feb 11, 2023

19.0.7 (2023-01-21)

Bug Fixes

19.0.6 (2023-01-21)

Bug Fixes

19.0.5 (2022-10-13)

Bug Fixes

19.0.4 (2022-08-15)

Bug Fixes

19.0.3 (2022-07-08)

Bug Fixes

19.0.2 (2022-07-08)

Bug Fixes

19.0.1 (2022-07-07)

Bug Fixes

19.0.0 (2022-07-07)

Continuous Integration

BREAKING CHANGES

18.12.0 (2021-10-07)

Features

18.11.4 (2021-09-30)

Bug Fixes

secure-code-warrior-for-github bot commented Feb 11, 2023

[Snyk] Upgrade @octokit/rest from 16.43.2 to 19.0.7 #46

Are you sure you want to change the base?

[Snyk] Upgrade @octokit/rest from 16.43.2 to 19.0.7 #46

Conversation

snyk-bot commented Feb 11, 2023

Snyk has created this PR to upgrade @octokit/rest from 16.43.2 to 19.0.7.

19.0.7 (2023-01-21)

Bug Fixes

19.0.6 (2023-01-21)

Bug Fixes

19.0.5 (2022-10-13)

Bug Fixes

19.0.4 (2022-08-15)

Bug Fixes

19.0.3 (2022-07-08)

Bug Fixes

19.0.2 (2022-07-08)

Bug Fixes

19.0.1 (2022-07-07)

Bug Fixes

19.0.0 (2022-07-07)

Continuous Integration

BREAKING CHANGES

18.12.0 (2021-10-07)

Features

18.11.4 (2021-09-30)

Bug Fixes

secure-code-warrior-for-github bot commented Feb 11, 2023

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

Try a challenge in Secure Code Warrior