[Snyk] Security upgrade kafka-node from 0.5.9 to 1.3.2 #46


erikvullings
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-LODASH-6139239 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: kafka-node
The new version differs by 53 commits.
  • 01838a9 1.3.2 (#575)
  • 31292c5 Fix issue where restarted kafka node could stall a consumer (#574)
  • 411cadd Add updateOffset tests (#573)
  • 23c2215 reducing autocommit fires when consumer is idle (#568)
  • a505abc Upgrade to lodash 4 (#565)
  • 399e91c 1.3.1 (#564)
  • 0f4c8b6 Fix consumer group not reconnecting when a broker comes back online (#563)
  • 7d8d374 Remove BrokerNotAvailableError from list of ConsumerGroupErrors (#562)
  • ea8b3b8 1.3.0 (#561)
  • 1314e93 Expose and group consumer group errors (#560)
  • 3480492 Add fetchEarliestOffsets to Offsets (#544)
  • f838e1f Consumer group should try to recover from a heartbeat timeout error (#559)
  • 8558947 1.2.1 (#557)
  • 9bcfb9d Fixes #554 argument is out of bounds exception (#556)
  • b9bef30 1.2.0 (#555)
  • 83840f9 Consumer group should handle offset out of range (#553)
  • 4bc6c78 Add doc notice about kafka HLC deprecation (#552)
  • 7094118 Consumer Group Heartbeat refactor (#547)
  • d20cce2 Let consumer group close to continue even if there’s a potential for … (#551)
  • 56c4191 1.1.0 (#545)
  • 5b92f06 Fixes #531 unhandled error in Offset (#543)
  • 2876902 Allow configuration of rebalance retry strategy on HighLevelConsumer (#542)
  • a98c419 Fix/commit 0 offset on fresh topic (#529)
  • ddd4b26 Upgrade nested-error-stacks to v2 for node v7 support (#540)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239