
[Snyk] Security upgrade serverless from 1.83.0 to 2.0.0 #37

Open
dev-daysmart wants to merge 1 commit into master from snyk-fix-c9e5f9794c64ad39f12551fb6930d9c4

@dev-daysmart

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 676/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: serverless
The new version differs by 23 commits.
  • 9f5a077 refactor(Templates): Upgrade `frameworkVersion`
  • dd3508b chore: Release v2.0.0
  • ff8a548 chore: Bump dependencies
  • e241cc2 test(AWS HTTP API): Fix after drop for timeout support
  • 1cfd1f2 feat(AWS HTTP API): Drop support for `timeout` setting
  • 615b10b test(Packaging): Ensure test is deterministic
  • 1beb8d0 refactor: Replace mkdrip with esnureDir from fs-extra
  • 861686b refactor: Refactor to async/await
  • dfc7839 feat(CLI): Fallback to service local serverless installation by default
  • 0597cfb chore: Upgrade ESLint configuration to support ES2019 syntax
  • 0160e9e chore: Upgrade boxen to v4 (#8163)
  • 7c304df feat(AWS ALB): Remove support for `authorizers[].allowUnauthenticated`
  • 33eef9f feat(CLI): Remove "slss", "serverless" command alias (#8161)
  • 34b64e0 chore: Upgrade @serverless/enterprise-plugin to v4
  • 1db7f43 chore: Upgrade @serverless/components
  • 12b979c test(AWS HTTP API): FIx after default payload mode change
  • 1596738 feat(AWS HTTP API): Switch default payload mode to 2.0 (#8133)
  • 4ceaca0 refactor(CLI): Remove deprecated bin/serverless file (#8142)
  • c620af3 fix(Packaging): Fix resolution of files with '.' In their names (#8130)
  • e131f26 refactor(AWS Lambda): Remove support for async config on destination
  • f9c3077 ci: Fix configuration of integrate job
  • 69dd4b9 feat: Drop support for Node.js versions below v10
  • 28ef7cc docs: Fix typo in the word 'maintenance' in changelog (#8215)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
