[Snyk] Upgrade @octokit/rest from 16.38.1 to 19.0.3 #7

MarcelRaschke · 2022-08-20T22:30:38Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @octokit/rest from 16.38.1 to 19.0.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 104 versions ahead of your current version.
The recommended version was released a month ago, on 2022-07-08.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	375/1000 Why? CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MERGEDEEP-1070277	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-1070800	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-LODASHSET-1320032	375/1000 Why? CVSS 7.5	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	375/1000 Why? CVSS 7.5	No Known Exploit
Command Injection SNYK-JS-FINDPROCESS-1090284	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-AWSSDK-1059424	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	375/1000 Why? CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-JSZIP-1251497	375/1000 Why? CVSS 7.5	Proof of Concept
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-IOREDIS-1567196	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	375/1000 Why? CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-FLAT-596927	375/1000 Why? CVSS 7.5	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	375/1000 Why? CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-ACTIONSCORE-2980270	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	375/1000 Why? CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @octokit/rest

19.0.3 - 2022-07-08
19.0.3 (2022-07-08)

Bug Fixes
- deps: update dependency @ octokit/plugin-paginate-rest to v3 (#161) (670f477)
19.0.2 - 2022-07-08
19.0.2 (2022-07-08)

Bug Fixes
- deps: update dependency @ octokit/plugin-rest-endpoint-methods to v6 (#162) (310c738)
19.0.1 - 2022-07-07
19.0.1 (2022-07-07)

Bug Fixes
- deps: update dependency @ octokit/core to v4 (#160) (0b8f202)
19.0.0 - 2022-07-07
19.0.0 (2022-07-07)

Continuous Integration
- stop testing against NodeJS v10, v12 (#157) (526eb2b)
BREAKING CHANGES
- Drop support for NodeJS v10, v12
18.12.0 - 2021-10-07
18.12.0 (2021-10-07)

Features
- .actions.downloadWorkflowRunAttemptLogs(), .actions.getWorkflowRunAttempt(), .repos.generateReleaseNotes(), .checks.rerequestRun(). Graduate nebula, zzzax, switcheroo, baptiste previews. Removes defunkt /repos/{owner}/{repo}/actions/runs/{run_id}/retry endpoint. Renames methods to have consistent AuthenticatedUser() suffix, deprecates previous method names (#125) (4daa9f3)
18.11.4 - 2021-09-30
18.11.4 (2021-09-30)

Bug Fixes
- removes defunkt endpoints: GET /repos/{owner}/{repo}/community/code_of_conduct, DELETE /reactions/{reaction_id}. encrypted_value and key_id parameters are required for .rest.actions.{createOrUpdateEnvironmentSecret,setSelectedReposForOrgSecret}(). access_token parameter is required for .rest.apps.deleteAuthorization(). Previews graduated: ant-man, flash, scarlet-witch, squirrel-girl (#122) (9c02e7d)
18.11.3 - 2021-09-30
18.11.3 (2021-09-30)

Bug Fixes
- deps: bump minimal version of @ octokit/plugin-paginate-rest to v2.16.4 to prevent typescript compile errors (#120) (fca1907)
18.11.2 - 2021-09-27
18.11.2 (2021-09-27)

Bug Fixes
- luke-cage preview graduated (#119) (38a823f)
18.11.1 - 2021-09-24
18.11.1 (2021-09-24)

Bug Fixes
- typescript: graduate previews dorian, inertia, london, lydian, wyandotte (#116) (f1e2416)
18.11.0 - 2021-09-22
18.11.0 (2021-09-22)

Features
- octokit.rest.repos.{enable,disable}LfsForRepo(), octokit.rest.repos.mergeUpstream({ owner, repo, branch }) (916a8bb)
18.10.0 - 2021-08-31
18.9.1 - 2021-08-16
18.9.0 - 2021-08-03
18.8.0 - 2021-08-02
18.7.2 - 2021-07-30
18.7.1 - 2021-07-23
18.7.0 - 2021-07-21
18.6.8 - 2021-07-20
18.6.7 - 2021-07-04
18.6.6 - 2021-06-30
18.6.5 - 2021-06-30
18.6.4 - 2021-06-29
18.6.3 - 2021-06-26
18.6.2 - 2021-06-24
18.6.1 - 2021-06-23
18.6.0 - 2021-06-12
18.5.6 - 2021-06-01
18.5.6-beta.1 - 2021-06-01
18.5.5 - 2021-05-28
18.5.4 - 2021-05-27
18.5.3 - 2021-04-21
18.5.2 - 2021-03-27
18.5.1 - 2021-03-26
18.5.0 - 2021-03-26
18.4.0 - 2021-03-24
18.3.5 - 2021-03-08
18.3.4 - 2021-03-05
18.3.3 - 2021-03-05
18.3.2 - 2021-03-03
18.3.1 - 2021-03-01
18.3.0 - 2021-02-26
18.2.1 - 2021-02-24
18.2.0 - 2021-02-18
18.1.1 - 2021-02-13
18.1.0 - 2021-02-03
18.0.15 - 2021-01-25
18.0.14 - 2021-01-22
18.0.13 - 2021-01-22
18.0.12 - 2020-12-04
18.0.11 - 2020-12-03
18.0.10 - 2020-12-02
18.0.9 - 2020-11-02
18.0.8 - 2020-11-01
18.0.7 - 2020-10-30
18.0.6 - 2020-09-14
18.0.5 - 2020-09-04
18.0.4 - 2020-08-26
18.0.3 - 2020-07-24
18.0.2 - 2020-07-23
18.0.1 - 2020-07-16
18.0.0 - 2020-06-11
17.11.2 - 2020-06-11
17.11.1 - 2020-06-11
17.11.0 - 2020-06-07
17.10.0 - 2020-06-04
17.9.3 - 2020-06-03
17.9.2 - 2020-05-18
17.9.1 - 2020-05-17
17.9.0 - 2020-05-11
17.8.0 - 2020-05-06
17.7.0 - 2020-05-05
17.6.0 - 2020-04-24
17.5.2 - 2020-04-22
17.5.1 - 2020-04-20
17.5.0 - 2020-04-20
17.4.0 - 2020-04-19
17.3.0 - 2020-04-15
17.2.1 - 2020-04-12
17.2.0 - 2020-04-08
17.1.4 - 2020-03-26
17.1.3 - 2020-03-25
17.1.2 - 2020-03-24
17.1.1 - 2020-03-20
17.1.0 - 2020-03-11
17.0.1 - 2020-03-10
17.0.0 - 2020-02-19
17.0.0-beta.3 - 2020-02-07
17.0.0-beta.2 - 2020-02-04
17.0.0-beta.1 - 2020-02-03
16.43.2 - 2020-06-24
16.43.1 - 2020-02-03
16.43.0 - 2020-02-03
16.42.2 - 2020-02-03
16.42.1 - 2020-02-03
16.42.0 - 2020-02-03
16.41.2 - 2020-02-02
16.41.1 - 2020-01-31
16.41.0 - 2020-01-31
16.40.2 - 2020-01-30
16.40.1 - 2020-01-29
16.40.0 - 2020-01-28
16.39.0 - 2020-01-27
16.38.3 - 2020-01-25
16.38.2 - 2020-01-24
16.38.1 - 2020-01-22

from @octokit/rest GitHub release notes

Commit messages

Package name: @octokit/rest

670f477 fix(deps): update dependency @ octokit/plugin-paginate-rest to v3 ([pull] main from github:main MarcelRaschke/docs#161)
310c738 fix(deps): update dependency @ octokit/plugin-rest-endpoint-methods to v6 (Bump node from 16.13.2-alpine to 17.7.1-alpine MarcelRaschke/docs#162)
0b8f202 fix(deps): update dependency @ octokit/core to v4 ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#160)
5256bba chore(deps): update dependency @ octokit/request to v6 ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#159)
5217679 ci(action): pin dependencies ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#158)
526eb2b ci: stop testing against NodeJS v10, v12 ([Snyk] Security upgrade debian from buster-20210408-slim to buster-20211011-slim MarcelRaschke/docs#157)
4d22af3 chore(deps): update dependency semantic-release to v19 ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#146)
0de190b chore(deps): update dependency react-debounce-render to v8 ([Snyk] Security upgrade debian from buster-20210408-slim to buster-20211220-slim MarcelRaschke/docs#145)
32c0b3b chore(deps): update dependency @ types/node to v16 ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#142)
01f05f8 chore(deps): update jest monorepo to v28 (major)
7a941b7 chore(deps): update react monorepo to v18 (major)
dc6e81d ci(codeql): ignore on push events for dependabot branches ([Snyk] Security upgrade debian from buster-20210408-slim to buster-20210816-slim MarcelRaschke/docs#153)
2748711 ci(codeql): ignore on push events for dependabot branches ([Snyk] Security upgrade debian from 9.5-slim to stretch-20220125-slim MarcelRaschke/docs#154)
d446734 build(npm): replace 'pika' command with 'pika-pack' ([Snyk] Security upgrade debian from buster-20210408-slim to buster-20211115-slim MarcelRaschke/docs#152)
ec4f2d2 ci(action): update github/codeql-action action to v2 ([Snyk] Security upgrade debian from 9.5-slim to stretch-slim MarcelRaschke/docs#151)
53d38ea ci(action): update actions/setup-node action to v3 ([Snyk] Security upgrade debian from 9.5-slim to stretch-slim MarcelRaschke/docs#150)
2a48a6e ci(action): update actions/checkout action to v3 ([Snyk] Security upgrade debian from 9.5-slim to stretch-slim MarcelRaschke/docs#149)
f06a0fa chore(deps): update dependency marked to v4
c606831 chore(deps): update dependency html-react-parser to v2 ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#143)
43ece36 chore(deps): update dependency prettier to v2.7.1 ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#141)
ad7a110 build: updates lock file from old generation and applies lint fixes to the security policy ([Snyk] Security upgrade debian from 9.5-slim to stretch-20211201-slim MarcelRaschke/docs#140)
627de0e Create SECURITY.md
a2f69ec build(deps): lock file maintenance
4daa9f3 feat: `.actions.downloadWorkflowRunAttemptLogs()`, `.actions.getWorkflowRunAttempt()`, `.repos.generateReleaseNotes()`, `.checks.rerequestRun()`. Graduate `nebula`, `zzzax`, `switcheroo`, `baptiste` previews. Removes defunkt `/repos/{owner}/{repo}/actions/runs/{run_id}/retry` endpoint. Renames methods to have consistent `AuthenticatedUser()` suffix, deprecates previous method names ([Snyk] Security upgrade debian from 9.5-slim to 9.13-slim MarcelRaschke/docs#125)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @octokit/rest from 16.38.1 to 19.0.3. See this package in npm: https://www.npmjs.com/package/@octokit/rest See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/e968e655-cf4d-42ff-946b-8fcbc781bf82?utm_source=github&utm_medium=referral&page=upgrade-pr

snyk-bot mentioned this pull request Sep 27, 2022

[Snyk] Security upgrade domwaiter from 1.1.0 to 1.4.0 #12

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @octokit/rest from 16.38.1 to 19.0.3 #7

[Snyk] Upgrade @octokit/rest from 16.38.1 to 19.0.3 #7

MarcelRaschke commented Aug 20, 2022

19.0.3 (2022-07-08)

Bug Fixes

19.0.2 (2022-07-08)

Bug Fixes

19.0.1 (2022-07-07)

Bug Fixes

19.0.0 (2022-07-07)

Continuous Integration

BREAKING CHANGES

18.12.0 (2021-10-07)

Features

18.11.4 (2021-09-30)

Bug Fixes

18.11.3 (2021-09-30)

Bug Fixes

18.11.2 (2021-09-27)

Bug Fixes

18.11.1 (2021-09-24)

Bug Fixes

18.11.0 (2021-09-22)

Features

[Snyk] Upgrade @octokit/rest from 16.38.1 to 19.0.3 #7

Are you sure you want to change the base?

[Snyk] Upgrade @octokit/rest from 16.38.1 to 19.0.3 #7

Conversation

MarcelRaschke commented Aug 20, 2022

Snyk has created this PR to upgrade @octokit/rest from 16.38.1 to 19.0.3.

19.0.3 (2022-07-08)

Bug Fixes

19.0.2 (2022-07-08)

Bug Fixes

19.0.1 (2022-07-07)

Bug Fixes

19.0.0 (2022-07-07)

Continuous Integration

BREAKING CHANGES

18.12.0 (2021-10-07)

Features

18.11.4 (2021-09-30)

Bug Fixes

18.11.3 (2021-09-30)

Bug Fixes

18.11.2 (2021-09-27)

Bug Fixes

18.11.1 (2021-09-24)

Bug Fixes

18.11.0 (2021-09-22)

Features