Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade newrelic from 8.10.0 to 9.7.1 #20

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade newrelic from 8.10.0 to 9.7.1 #20

wants to merge 1 commit into from

Conversation

rjrodger
Copy link
Contributor

@rjrodger rjrodger commented Jul 6, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 823/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-PROTOBUFJS-5756498		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: newrelic The new version differs by 250 commits.
  • 8f4f379 Merge pull request #1449 from newrelic/release/v9.7.1
  • b87add6 Update release date
  • 3d376dc Addressed code review feedback
  • 48f7863 Clean up 9.7.1 release notes
  • d3f404e Adds auto-generated release notes.
  • ce85c4b Setting version to v9.7.1.
  • 9c508a5 Merge pull request #1404 from mrickard/NR-40029/drop-async-from-benchmark
  • 7ceb897 Restored shimmer.reinstrument test by fixing path to benchmark test (relative to shimmer)
  • 5c93ab6 Moved benchmark errorAndExit to a common utils file
  • 76a04e1 Merge pull request #1447 from jmartin4563/NR-69739-promise-throttling
  • 9f35815 NR-69739 removed unneeded outer test() and autoend()
  • b50bcad Merge pull request #1446 from bizob2828/restify-10
  • 45aba84 NR-69739 added unit tests for async-each-limit.js
  • 1eeec2b NR-69739 add batching to dep lookup
  • 64bcbd6 NR-33669 updated restify-post-7 to run tests on restify >=10 with Node 18
  • 71c8296 Merge pull request #1445 from bizob2828/express-clm
  • 49f6930 add 1 to column to properly locate the function
  • 675fa85 removed optional chaining from checking if code level metrics is enabled
  • 81d1a39 cleaned up jsdoc around nuance of checking if middleware is actually a function
  • 9f532a2 NEWRELIC-5564 updated code-level-metrics unit tests to properly test adding code.* attrs to active segment
  • 086f2ea NEWRELIC-5564 fixed crash with director and new CLM support in versioned tests when running with NEW_RELIC_CODE_LEVEL_METRICS_ENABLED=true
  • b730229 NEWRELIC-5564 add support for CLM on all middleware that uses
  • d7045f5 Merge pull request #1443 from bizob2828/clm-config
  • 9bcc1e3 Merge pull request #1444 from newrelic/NEWRELIC-5182-codecov-batching

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
d03c23e 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-5756498
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rjrodger @snyk-bot