Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade ssh2-sftp-client from 4.3.1 to 7.0.0 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade ssh2-sftp-client from 4.3.1 to 7.0.0 #1

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Command Injection
SNYK-JS-SSH2-1656673		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ssh2-sftp-client The new version differs by 250 commits.
  • 6c96211 Update mocha version. Update package version to 7.0.0
  • 33737b3 Update documentstion for version 7 release
  • 7e895d2 Extend option handling for get/put functions
  • 28af709 Update test to reflect new case in permisson denied error
  • 6a245eb Update put/fastPut to use new localExists function
  • 9b10d97 Merge branch 'ssh2-v1' of github.com:theophilusx/ssh2-sftp-client into ssh2-v1
  • 5e0e481 Fix call to removeTempListeners()
  • 228e1b3 Cleanup connect code. Remove sleep call
  • f0c1d2a Update ssh2 to version 1.0.0
  • fc32264 Add low level ssh2 stream script
  • 30fe1cc Update connection code to handle new ssh2
  • 8ce76ff Add lint script
  • f1bc43c Updae eslint/prettier setup
  • 5ac840d Cleanup connect code. Remove sleep call
  • 2c64cca Update ssh2 to version 1.0.0
  • ac9752e Add low level ssh2 stream script
  • 5c6a68d Fix typo in README
  • c8f9963 Update reference to current stable version in README
  • 4cc0800 Add example get() call with streams to examples directory
  • a42f9f8 Change get() listeners. Use end not finish
  • 1aaa91f Bumped dependency versions
  • 2be107e Fix typos in README
  • 71223de Update eslint/prettier setup
  • f3e8eb1 Update connection code to handle new ssh2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
2118440 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SSH2-1656673
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot