[Snyk] Security upgrade posthog-node from 2.6.0 to 3.1.3 #8

alejandrosuarez · 2024-01-05T22:53:38Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/auth/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: posthog-node

The new version differs by 16 commits.

4b2f733 chore: Upgrade axios dep (Add digital ocean integration NangoHQ/nango#122)
9ac7090 fix: Type issue with RN (Coinbase Api NangoHQ/nango#119)
41ac06b Release 2.8.0 (Here.com API integration request NangoHQ/nango#116)
dcd429a Added useFeatureFlagWithPayload for react native (Square API integration request NangoHQ/nango#111)
73d2fc2 Fix changelog entries RN (FreeAgent API integration request NangoHQ/nango#115)
4a707fd feat: Add react native autocapture lifecycle events (Coinbase API integration request NangoHQ/nango#108)
7ad76f9 style: Improve eslint setup (Ticketmaster API integration request NangoHQ/nango#109)
54178fc fix(flags): Make sure to add feature props to ffc events (adding smart sheet integration NangoHQ/nango#103)
b70f194 feat: Save the $screen_name on every event (Zendesk API integration request NangoHQ/nango#100)
32d74d2 release new version of node (chore(deps-dev): bump node-fetch from 2.6.0 to 2.6.1 NangoHQ/nango#95)
56b1b1c fix(node): add pure js sha1 library (chore(deps): bump node-fetch from 2.6.0 to 2.6.1 in /src/clients/node NangoHQ/nango#94)
20b73b8 Add links to changelog (Working without frontend :) NangoHQ/nango#92)
c7617ee fix: Race conditions when initialising the RN SDK (Typo in Repository Description NangoHQ/nango#91)
0ccb243 Updated changelogs and versions (Make a POST/PUT NangoHQ/nango#90)
83b8c34 Improve error handling and make fetch error handling behave like fetch (How to generate SECRET_KEY and PUBLISHABLE_KEY NangoHQ/nango#88)
84df813 feat: Default to disabling geoIP resolution (Missing Documentation NangoHQ/nango#89)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6144788

socket-security · 2024-01-05T23:01:39Z

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
posthog-node	3.3.0	None	`+3`	2.8 MB	ben-posthog

fix: packages/auth/package.json to reduce vulnerabilities

5db579c

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6144788

alejandrosuarez merged commit 005b0c1 into master Jan 5, 2024
2 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade posthog-node from 2.6.0 to 3.1.3 #8

[Snyk] Security upgrade posthog-node from 2.6.0 to 3.1.3 #8

alejandrosuarez commented Jan 5, 2024

socket-security bot commented Jan 5, 2024

[Snyk] Security upgrade posthog-node from 2.6.0 to 3.1.3 #8

[Snyk] Security upgrade posthog-node from 2.6.0 to 3.1.3 #8

Conversation

alejandrosuarez commented Jan 5, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

socket-security bot commented Jan 5, 2024