[Snyk] Security upgrade steamladder from 1.0.7 to 2.0.2 #1419

jaxxibae · 2024-02-02T15:18:17Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: steamladder

The new version differs by 26 commits.

22c51fd Update version
1813880 Merge pull request Fixes #2 #8 from SwitchbladeBot/fix/country-codes
a9a2525 update version
71c21a8 fix country code error
ee26fb1 Update README + version
26e9610 Merge pull request Re-making the README document #7 from SwitchbladeBot/feat/typescript
dbe315c fix homepage url
acfe4a2 remove regions type from getLadder
011e143 remove axios types dependency
29c8d74 update usage with string literals
e39e3d3 import and export using type keyword
22fc24c replace enums with object literals
5e7f01b add CI build step
1ffbc82 update README
3c15134 update version to v2
619f9f3 add ladder typings
7e3f528 add axios typings
323a791 remove docs/ from git ignore
2013e20 add profile typings
e1e1fd8 add region enum
1cc9346 add error handling
7fb5579 convert to typescript and add build
0cd95d2 remove docs
5da1eaf remove examples

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137

fix: package.json & package-lock.json to reduce vulnerabilities

1fea8ef

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137

jaxxibae requested a review from a team as a code owner February 2, 2024 15:18

Doges closed this Apr 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade steamladder from 1.0.7 to 2.0.2 #1419

[Snyk] Security upgrade steamladder from 1.0.7 to 2.0.2 #1419

jaxxibae commented Feb 2, 2024

[Snyk] Security upgrade steamladder from 1.0.7 to 2.0.2 #1419

[Snyk] Security upgrade steamladder from 1.0.7 to 2.0.2 #1419

Conversation

jaxxibae commented Feb 2, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: