[Snyk] Upgrade cloudinary from 1.34.0 to 1.41.0 #72

Open
wants to merge 1 commit into
base: main

Codehackerone
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade cloudinary from 1.34.0 to 1.41.0.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2023-09-26.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Sandbox Bypass (SNYK-JS-VM2-5537100) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | Proof of Concept |
| | Remote Code Execution (RCE) (SNYK-JS-VM2-5772823) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | Proof of Concept |
| | Remote Code Execution (RCE) (SNYK-JS-VM2-5772825) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | Proof of Concept |
| | Sandbox Escape (SNYK-JS-VM2-5415299) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | Proof of Concept |
| | Sandbox Escape (SNYK-JS-VM2-5422057) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | Proof of Concept |
| | Improper Handling of Exceptional Conditions (SNYK-JS-VM2-5426093) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | No Known Exploit |
| | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (SNYK-JS-VM2-5537079) | 597/1000. Why? Proof of Concept exploit, CVSS 9.8 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: cloudinary
  • 1.41.0 - 2023-09-26
    • fix: improved calculation of the signature in url
    • fix: improved ResourceApiResponse interface
    • fix: fetch overlay video creates correct transformation
    • feat: added support for on_success script for uploader_spec.js
  • 1.40.0 - 2023-07-31
    • feat: visual search api
    • fix: adding clear_invalid only when not null
  • 1.39.0 - 2023-07-24
    • feat: basic asset relations api
  • 1.38.0 - 2023-07-20
    • feat: new method to_url added to support cached search feature
  • 1.37.3 - 2023-06-26
    • fix: native http agent used instead of an external dependency
  • 1.37.2 - 2023-06-19
    • chore: bumped npm override for vm2 to latest
  • 1.37.1 - 2023-06-09
    • chore: removing ts installed with dtslint to prevent fails on older node.js
    • fix: only explicit require used
    • fix: upgrade core-js from 3.30.1 to 3.30.2
  • 1.37.0 - 2023-05-16
    • feat: exposing structured metadata rules api
  • 1.36.4 - 2023-05-02
    • fix: isRemoteUrl check improved to reduce false positives
  • 1.36.3 - 2023-05-02
    • fix: smd number field allows both numbers and string when uploading
    • fix: isRemoteUrl not working on big files sometimes
  • 1.36.2 - 2023-04-24
  • 1.36.1 - 2023-04-13
  • 1.36.0 - 2023-04-13
  • 1.35.0 - 2023-03-03
  • 1.34.0 - 2023-02-13
from cloudinary GitHub release notes
Commit messages
Package name: cloudinary
  • 4d22af7 Version 1.41.0
  • 4a805ef Merge pull request #631 from cloudinary/fix-url-signing-with-encoded-chars
  • 47e4eed Merge pull request #630 from cloudinary/fix-resource-api-response-interface
  • d78b737 fix: polifilled replaceAll
  • 28667f8 fix: fixed tests to be consistent with other sdks
  • 3b99d45 fix: fixed tests to be consistent with other sdks
  • d22abf2 chore: better interface naming
  • af74827 fix: make tests consistent with python sdk
  • 7e23f76 fix: improved calculation of the signature in url
  • ec0243e fix: improved ResourceApiResponse interface
  • 96d30de fix: improved ResourceApiResponse interface
  • 1b5be87 Merge pull request #629 from cloudinary/fetch-overlay-video-bug
  • 0163f36 chore: clean up commented code
  • b8396ef chore: clean up commented code
  • a282075 fix: fetch overlay video creates correct transformation
  • f4d7ebf Merge pull request #625 from cloudinary/on-success-script-for-upload
  • a367036 feat: added support for on_success script for uploader_spec.js
  • 242ac45 Version 1.40.0
  • 1b8e2a0 Merge pull request #623 from cloudinary/visual-search
  • ee9ad78 feat: visual search api
  • 16854d4 Merge pull request #622 from cloudinary/fix-clear-invalid-added-to-request
  • 4407b30 fix: adding clear_invalid only when not null
  • f5d4fed Version 1.39.0
  • 48586e3 Merge pull request #621 from cloudinary/basic-asset-relations-api


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@anuragc2001 anuragc2001 removed their assignment Jan 26, 2024
3 participants