Skip to content

[Snyk] Security upgrade newman from 3.10.0 to 4.4.0 #114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade newman from 3.10.0 to 4.4.0 #114

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1		 Improper Privilege Management
SNYK-JS-SHELLJS-2332187		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: newman The new version differs by 250 commits.
  • 16c6b26 Merge branch 'release/4.4.0'
  • 32154bf Released v4.4.0
  • 8644dd8 Merge pull request #1909 from postmanlabs/feature/disabled-variables
  • 2dffb59 Test: update disabled variable collection
  • 5bad9f7 Added tests for disabled variables
  • f2e6dba Merge pull request #1897 from postmanlabs/greenkeeper/xmlbuilder-11.0.0
  • 673a479 Fix JUnit reporter assertions
  • f15703d Merge branch 'develop' of github.com:postmanlabs/newman into greenkeeper/xmlbuilder-11.0.0
  • 1d47aa2 Merge pull request #1903 from postmanlabs/feature/timings
  • 5297613 Point postman-runtime and postman-collection dependency to `v7.9.1`
  • 7e24f45 Point postman-runtime and postman-collection dependency to `latest`
  • a0edae8 Test: add missing system headers
  • b716cf3 Merge branch 'develop'
  • 7ed8b59 Merge pull request #1874 from postmanlabs/feature/bomb
  • 6dd20f9 Handle cache for missing phases
  • 335b209 Spruced up copy in README.md
  • 91b992f Minor: add JSDoc for util.detectEncoding
  • 9c0f1e9 Merge branch 'develop'
  • 2d7ee42 Add additional timing phases
  • 55b84d0 Temp: Point postman-collection and postman-runtime to `develop`
  • 90f32f2 Merge pull request #1901 from postmanlabs/greenkeeper/mocha-6.0.0
  • 7e61956 Merge branch 'develop' into greenkeeper/mocha-6.0.0
  • 8826563 Merge pull request #1900 from postmanlabs/greenkeeper/eslint-5.14.1
  • d7e6b31 chore(package): update lockfile package-lock.json

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
1592c91 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot