-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade @slack/webhook from 5.0.4 to 7.0.2 #304
base: master
Are you sure you want to change the base?
[Snyk] Upgrade @slack/webhook from 5.0.4 to 7.0.2 #304
Conversation
Snyk has created this PR to upgrade @slack/webhook from 5.0.4 to 7.0.2. See this package in npm: @slack/webhook See this project in Snyk: https://app.snyk.io/org/mikolaj-roszak/project/89fafb7b-1110-4112-b075-f376a919f601?utm_source=github&utm_medium=referral&page=upgrade-pr
Micro-Learning Topic: Regular expression denial of service (Detected by phrase)Matched on "Regular Expression Denial of Service"Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Try a challenge in Secure Code WarriorMicro-Learning Topic: Weak input validation (Detected by phrase)Matched on "Improper Input Validation"Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Cross-site request forgery (Detected by phrase)Matched on "Cross-site Request Forgery"Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page. Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Denial of service (Detected by phrase)Matched on "Denial of Service"The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service Try a challenge in Secure Code WarriorMicro-Learning Topic: Information disclosure (Detected by phrase)Matched on "Information Exposure"Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Try a challenge in Secure Code Warrior |
Snyk has created this PR to upgrade @slack/webhook from 5.0.4 to 7.0.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 5 versions ahead of your current version.
The recommended version was released on 8 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-1579269
SNYK-JS-AXIOS-6032459
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-AXIOS-6124857
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-FOLLOWREDIRECTS-2396346
Release notes
Package name: @slack/webhook
What's Changed
This patch release bumps the minimum version of axios to 1.7.4 to address a CVE - see Axios 1.7.4 release notes for more information.
Changelog
Full Changelog: https://github.com/slackapi/node-slack-sdk/compare/@ slack/socket-mode@2.0.1...@ slack/rtm-api@7.0.1
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: