[Snyk] Security upgrade serverless from 1.83.0 to 2.41.2#48

Open
dev-daysmart wants to merge 1 commit into master from snyk-fix-fffbae64fde38382f373fa6918f48fd7

@dev-daysmart

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Uncontrolled resource consumption, SNYK-JS-BRACES-6838727 | Yes | No Known Exploit |
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Inefficient Regular Expression Complexity, SNYK-JS-MICROMATCH-6838728 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: serverless
The new version differs by 250 commits.
  • b86128b test: Workaround race conditions
  • 0d92eb2 chore: Release v2.41.2
  • f2a8e66 chore: Upgrade `dotenv` to v9
  • 340566a chore: Bump dependencies
  • eeddf9f fix(Telemetry): If global & local report outcome, report with global
  • 65a1f38 fix(CLI): Ensure resolved CLI params are correct in local fallback
  • 7047c34 fix(CLI): Fallback to local version only if we're not in its context
  • 105807a refactor(CLI Onboarding): Integrate steps from dashboard plugin
  • a26a21f test(CLI Onboarding): Remove `bluebird` dependency
  • 1060d14 refactor(CLI Onboarding): Refactor to async/await
  • 7864f4d refactor(CLI Onboarding): Seclude from internal Framework logic
  • c13586e refactor(CLI Onboarding): Simplify tabcompletion support check
  • 4f6a50a refactor(Telemetry): Make `generatePayload` `serverless` independent
  • b915cc4 refactor: Refactor `isNpmPackageWritable` to not depend on `serverless`
  • 05588f7 refactor(CLI): Rely internally on `@ serverless/utils/log`
  • 9cc05ad feat(Templates): Add `google-nodejs-typescript` template (#9445)
  • 80281ee test: Ensure no deprecations logs (after default runtime deprecation)
  • 2f3d33d test: Improve test title
  • ad63a8f chore: Release 2.41.1
  • bbfe742 fix(CLI): Correctly resolve version during local fallback
  • 3c5d713 chore: Release 2.41.0
  • e22b3cc chore: Bump dependencies
  • 56f8587 fix(AWS API Gateway): Support `Fn::Split` for `vpcEndpointIds` schema
  • 096ed96 fix(Telemetry): For local fallback ensure to report locally used version

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
