This repository has been archived by the owner on Aug 28, 2024. It is now read-only.

[Snyk] Security upgrade elastic-apm-node from 1.14.5 to 3.34.0 #5

Open
wants to merge 1 commit into
base: master

@intech (Owner) commented Jun 22, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: elastic-apm-node
The new version differs by 250 commits.
  • dcc85f3 fix: build of Lambda layer broke in CI (#2724)
  • fe303b6 3.34.0 (#2723)
  • 54d89ca fix: get context back for composite spans (#2716)
  • d919faf chore(deps-dev): bump koa-bodyparser from 3.2.0 to 4.3.0 (#2717)
  • 4abdd30 chore(deps-dev): bump @babel/core from 7.17.10 to 7.18.0 (#2719)
  • dabdf58 chore: enable dependabot version updates (#2710)
  • e8ab8c6 synchronize json schema specs (#2713)
  • 10c287a feat: add span links to AWS SQS ReceiveMessage spans for messages with a traceparent (#2706)
  • 101f905 chore: deprecate 'jade' package instrumentation (#2711)
  • 2e076a4 feat: Add support for tedious v10 to v14 (#2705)
  • 3c4e18d feat: span statistics -- ensure dropped span objects are still created (#2694)
  • 4019c99 fix: span compression handling could crash on a span without a set parent span (#2701)
  • 07b30a9 chore: update wait-on dev dep to reduce deprecation warnings on install (#2700)
  • cdb988d synchronize json schema specs (#2704)
  • 27588b7 chore(deps-dev): bump pug from 2.0.4 to 3.0.1 (#2690)
  • 99c12e8 chore: deprecate 'hapi' package instrumentation (#2698)
  • 9f380d0 refactor: RunContext.exitSpan() -> .leaveSpan() (#2703)
  • 558dae3 synchronize json schema specs (#2702)
  • 7cd1b90 feat: add "nodejs16.x" lambda runtime to our compatible runtimes (#2697)
  • 01154f3 add traceContinuationStrategy config option; add Span Links API (#2692)
  • 5b6b8a9 test: skip mysql2@2.2.3 in TAV tests to workaround npm v6 install issue with github deps (#2696)
  • 112a13c test: fix running benchmarks (#2693)
  • 8b6c11a feat: setRecorded for traceparent/tracecontext (#2687)
  • a289d44 chore: start using package-lock.json for repeatable Lambda Layer builds (#2627)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795