[Snyk] Fix for 1 vulnerabilities by snyk-bot · Pull Request #749 · census-instrumentation/opencensus-node

snyk-bot · 2020-01-30T02:34:15Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/opencensus-instrumentation-grpc/package.json
- packages/opencensus-instrumentation-grpc/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Command Injection SNYK-JS-CODECOV-543183	No	Proof of Concept

Commit messages

Package name: codecov

The new version differs by 21 commits.

fa631c3 v3.6.2
f429409 Merge pull request trace/exporters/ocagent: Retry logic check #164 from codecov/sanitize-gcov-options
2f4eff9 Sanitize gcov-args
9bde072 Merge pull request Adds metric name prefix override for [exporter-stackdriver] #151 from codecov/github-ci-1
b86eb31 Add workflow
a7014d2 Update README.md
597322c v3.6.1
4fc78f5 Merge pull request Fix export issue #146 from codecov/hotfix/semaphore
11347a9 Fix tests
4556aab Set semaphore service to just semaphore
2ed978c v3.6.0
024cced Merge pull request Fix up typos in source #135 from iansu/codebuild
24a0a76 Merge branch 'master' into codebuild
f628c33 Merge pull request Removes redundant range min/max from distributedValues #145 from fabiendem/semaphore-compat
0c57093 Rename semaphore v2 clearly in tests
5a5c489 Add retro-compatibility for Semaphore 1.x and maintain support for 2.x
a45a9b5 Revert "Updates Semaphore CI Service for 2.0 (fix: remove const enums #132)"
e2f6b81 Test improvements
3faacd4 Add support for AWS CodeBuild
8371836 Create CODE_OF_CONDUCT.md (Add Metrics APIs as per "metrics.proto" #133)
6167aa8 Updates Semaphore CI Service for 2.0 (fix: remove const enums #132)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…/opencensus-instrumentation-grpc/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CODECOV-543183

fix: packages/opencensus-instrumentation-grpc/package.json & packages…

196b3aa

…/opencensus-instrumentation-grpc/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-CODECOV-543183

snyk-bot requested review from draffensperger, hekike and mayurkale22 as code owners January 30, 2020 02:34

googlebot added the cla: yes label Jan 30, 2020

mayurkale22 approved these changes Feb 26, 2020

View reviewed changes

mayurkale22 merged commit 00ac8df into master Feb 26, 2020

mayurkale22 deleted the snyk-fix-68a56aec2a1006f744aae4013ee53035 branch February 26, 2020 17:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 1 vulnerabilities#749

[Snyk] Fix for 1 vulnerabilities#749
mayurkale22 merged 1 commit into
masterfrom
snyk-fix-68a56aec2a1006f744aae4013ee53035

snyk-bot commented Jan 30, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

snyk-bot commented Jan 30, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants