
[Snyk] Security upgrade kafka-node from 0.5.9 to 1.3.2 #16

Open
snyk-bot wants to merge 1 commit into master from snyk-fix-d3a3b3ee191af8410bfd5975cb5ecdc5


@snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- |
| medium severity | Prototype Pollution (SNYK-JS-LODASH-567746) | Yes | Proof of Concept |

Commit messages

Package name: kafka-node

The new version differs by 53 commits.
  • 01838a9 1.3.2 (#575)
  • 31292c5 Fix issue where restarted kafka node could stall a consumer (#574)
  • 411cadd Add updateOffset tests (#573)
  • 23c2215 reducing autocommit fires when consumer is idle (#568)
  • a505abc Upgrade to lodash 4 (#565)
  • 399e91c 1.3.1 (#564)
  • 0f4c8b6 Fix consumer group not reconnecting when a broker comes back online (#563)
  • 7d8d374 Remove BrokerNotAvailableError from list of ConsumerGroupErrors (#562)
  • ea8b3b8 1.3.0 (#561)
  • 1314e93 Expose and group consumer group errors (#560)
  • 3480492 Add fetchEarliestOffsets to Offsets (#544)
  • f838e1f Consumer group should try to recover from a heartbeat timeout error (#559)
  • 8558947 1.2.1 (#557)
  • 9bcfb9d Fixes #554 argument is out of bounds exception (#556)
  • b9bef30 1.2.0 (#555)
  • 83840f9 Consumer group should handle offset out of range (#553)
  • 4bc6c78 Add doc notice about kafka HLC deprecation (#552)
  • 7094118 Consumer Group Heartbeat refactor (#547)
  • d20cce2 Let consumer group close to continue even if there’s a potential for … (#551)
  • 56c4191 1.1.0 (#545)
  • 5b92f06 Fixes #531 unhandled error in Offset (#543)
  • 2876902 Allow configuration of rebalance retry strategy on HighLevelConsumer (#542)
  • a98c419 Fix/commit 0 offset on fresh topic (#529)
  • ddd4b26 Upgrade nested-error-stacks to v2 for node v7 support (#540)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746