[Snyk] Security upgrade newrelic from 10.3.1 to 11.5.0 #147

Merged
merged 1 commit into from
Nov 1, 2023


nr-security-github
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • logs-in-context/app/package.json
    • logs-in-context/app/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 748/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: newrelic
The new version differs by 88 commits.
  • 20b7680 chore: Release v11.5.0 (#1839)
  • fb06ac9 chore(dep): Updated @ newrelic/security-agent to v0.4.0 (#1837)
  • fe1b4fc ci: Disable fail-fast on nightly versioned test runs (#1836)
  • 06b3364 chore: Release v11.4.0 (#1833)
  • 8b4e963 chore(deps): Updated aws-sdk, koa, superagent (#1831)
  • 9892901 feat: Added support for parsing container ids from docker versions using cgroups v2. (#1830)
  • 81f9450 chore: [Snyk] Upgraded @ grpc/grpc-js from 1.9.2 to 1.9.4. (#1823)
  • 5202048 test: Increased timeout for integration tests to avoid random failures. (#1827)
  • 1ed0c5c chore: release v11.3.0 (#1826)
  • a39f0ef feat: Updated agent initialization to allow running in worker threads when config.worker_threads.enabled is true (#1817)
  • 0928ee3 ci: disable fail-fast on testing jobs to make sure all versions are run before getting canceled because of a flappy test (#1819)
  • 6437671 fix: Updated Elasticsearch instrumentation to only register on v7.13.0+ (#1816)
  • 95ac917 test: updated the grpc versioned tests utils to dynamically bind ports to avoid conflicts between cjs and esm tests (#1820)
  • 317a00a ci: Updated post release script to update the nodejs_agent_version only on staging and us prod, eu will get it via replication now (#1811)
  • d3c8d04 security(deps): bump @ babel/traverse (#1818)
  • 01eaa14 ci: Updated CI workflow to use larger runners on versioned tests but only when running against the main branch (#1812)
  • cb8bee2 chore: included changelog entry for removing ability to run in worker threads to 11.0.0 (#1813)
  • 31a7ad0 test: Removed skipping elasticsearch versioned tests on Node 20 (#1810)
  • 91d3600 chore: Updated release note headers to follow standard sentence caps (#1806)
  • 3a210ad chore: release v11.2.1 (#1808)
  • 99e5792 fix: Updated initialization to properly return the api on start up to the security agent (#1807)
  • 0647411 chore: release v11.2.0 (#1805)
  • 0a54729 ci: add steps to zip up container logs on versioned test failure (#1804)
  • 8380e9d test: Updated elasticsearch container to ignore highwatermark to function on a constrained environment (#1803)


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


…ock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-6032459
@mrickard merged commit 6dbadea into main on Nov 1, 2023
2 checks passed