Skip to content

[Snyk] Security upgrade soap from 0.19.2 to 0.27.0 #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jwarkentin wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade soap from 0.19.2 to 0.27.0 #19

jwarkentin wants to merge 1 commit into from

Conversation

@jwarkentin
Copy link
Owner

@jwarkentin jwarkentin commented Apr 26, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 798/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1		 Remote Code Execution (RCE)
SNYK-JS-EJS-2803307		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: soap The new version differs by 101 commits.
  • e005dc5 Release v0.27.0
  • 630d80d Fixed some issues with xsd elements (#1057)
  • 33e170e Added callback for soap.listen (#1055)
  • 0144895 Added MTOM support for binary data (#1054)
  • 1f4af8a Handle response with error status code and without response body (#1053)
  • 58c0b8a add rsa-sha256 support for WSSecurityCert (#1052)
  • 25440ee fix(compliance): updated the npm packages
  • 8d5f15a adding promise support for server method handlers.
  • e8306be npmignore cleanup; adding some types to Client (#1049)
  • 9cb3bf0 adding source-map-support for ts mapping in stack trace; enabling tslint rules; added linting to travis; removing unnecessary self variables (#1047)
  • adb0739 fix(wsdl): array namespace override with colon(:) (#1045)
  • 9aed566 npm upgrade; removing ejs and external template files (#1046)
  • 509932a converting the project to TypeScript (#1044)
  • f4fd1e7 Fixed PasswordDigest Generation (#1039)
  • 570f5b3 Stringify wsdl-related error messages to avoid non-descriptive [object Object] output. (#1037)
  • 63bd7b7 Release v0.26.0
  • 2f159d0 WSDL: make merging external schema works correctly (#1023)
  • 0e8a3e6 WSDL: pass error from parsing XML as-is, not only its message (#1022)
  • 6bb6936 server: add option enableChunkedEncoding (#1043)
  • 5b45068 fix a problem about Multi-Byte character (#1042)
  • 2bed4c7 fix double transformationentries in WSSecCert
  • 7a215e0 Add bodyParser.json middleware test
  • e13942b processRequestXml only if req.body is not empty object
  • 5c042d9 Fixing v10 ssl tests and removing jshint since it sucks and doesn't support es6. (we need to migrate to eslint).

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)

@snyk-bot
fix: package.json to reduce vulnerabilities
467698b 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EJS-2803307
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jwarkentin @snyk-bot