Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade kafka-node from 0.5.9 to 2.2.3 #29

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Aug 8, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Recently disclosed, Has a fix available, CVSS 8.2
Arbitrary File Overwrite
SNYK-JS-TAR-1536528
Yes No Known Exploit
high severity 696/1000
Why? Recently disclosed, Has a fix available, CVSS 8.2
Arbitrary File Overwrite
SNYK-JS-TAR-1536531
Yes No Known Exploit
low severity 481/1000
Why? Recently disclosed, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: kafka-node The new version differs by 124 commits.
  • 77c005a 2.2.3 (#762)
  • a13f85a Upgrade snappy (#760)
  • 49bced2 consumer network recovery (#758)
  • aa9ffa4 Update docker-compose to use 0.11 tag instead of latest (#754)
  • 17a2202 2.2.2 (#753)
  • c85cd9f Fix issue where disconnected idle brokers lingers around causing subsequent requests to fail with BrokerNotAvailable (#752)
  • 52f38b5 Add timeout waiting for broker to be ready fixes #750 (#751)
  • a580e80 2.2.1 (#748)
  • dd3329b avoid doing versions request on longpolling sockets resolves #743 (#747)
  • 163bbdb Verify cyclic partitioner works closes #725 (#745)
  • 04a248a Consumer should throw an error if message exceeds fetchMaxBytes fixes… (#744)
  • 0eb61c5 Fix imports in streaming example (#742)
  • a102a48 2.2.0 (#738)
  • 0f21b66 message protocol didn't take into account timestamp Fixes #736 (#737)
  • 58662ef run tests against kafka version 0.11 (#735)
  • c710659 Add producer stream (#734)
  • fabfc80 Bump version and update changelog (#733)
  • 0e68220 Consumer streams (#732)
  • 60e5e11 Add support for Producer API V1 and V2 (#730)
  • e20325e Upgrade to async 2 (#729)
  • 5271896 Api versions support (#726)
  • 2114683 use defaultDeep instead of default to merge retryOptions (#722)
  • 415c7b8 Allow broker to disconnect clients for being idle (#718)
  • d23e14b Fix doc for HLC addTopics method resolves #713 (#714)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant