[Snyk] Upgrade cloudevents from 3.2.0 to 6.0.1

[tlawrie]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade cloudevents from 3.2.0 to 6.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 12 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-03-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: cloudevents

• 6.0.1 - 2022-03-21
  

  Miscellaneous

  • update dependencies to inlude ajv-formats (#484) (c0b1f77), closes /github.com/cloudevents/sdk-javascript/pull/471/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R128
• 6.0.0 - 2022-03-21
  

  ⚠ BREAKING CHANGES

  • add http transport and remove axios (#481)

  Features

  • add http transport and remove axios (#481) (0362a4f)
  • precompile cloudevent schema (#471) (b13bde9)

  Miscellaneous

  • add an npm test:once script (#480) (b4d7aa9)
  • update package.json format and deps (#479) (6204805)
  • update the release documentation (#476) (c420da4)

  Documentation

  • update readme to include http builtin transport (#483) (4ab6356)
• 5.3.2 - 2022-02-11
  

  Bug Fixes

  • use isolatedModules: true in tsconfig.json (#469) (b5c0b56)

  Miscellaneous

  • bump typedoc to remove vuln (#472) (c3d9f39)
• 5.3.1 - 2022-02-03
  

  Bug Fixes

  • improve binary data detection in HTTP transport (#468) (cd4dea9)
  • package.json & package-lock.json to reduce vulnerabilities (#462) (ae8fa79)

  Documentation

  • add TS examples for CloudEvent usage (#461) (c603831)
  • fix ts example (#467) (349b84c)

  Miscellaneous

  • update readme with current Node LTS versions and add Node 16 to the testing matrix(#465) (8abbc11)
• 5.3.0 - 2022-01-18
  

  Features

  • add MQTT transport messaging (#459) (591d133)
  • add support for kafka transport (#455) (5d1f744)

  Miscellaneous

  • refactor: prefer interfaces over concrete classes (#457) (2ac731e)
  • update cucumber dependency and remove prettier (#453) (320354f)
• 5.2.0 - 2021-12-07
  

  Features

  • add batch mode (#448) (9a46e33)
• 5.1.0 - 2021-12-03
  

  Features

  • use generic type for CloudEvent data (#446) (d941e2d)

  Bug Fixes

  • do not assume an empty content-type header is JSON (#444) (52ea7de)
  • package.json & package-lock.json to reduce vulnerabilities (#439) (0f5a4c0)

  Miscellaneous

  • add test for text/plain data (#442) (b4266b1)
• 5.0.0 - 2021-10-05
  

  ⚠ BREAKING CHANGES

  • remove support for 0.3 events (#425)

  Features

  • add native logging with headers and body to CloudEvent (#437) (b38a48f)

  Bug Fixes

  • update express example with framework features. (#429) (272bcea), closes #379
  • ensure source property has min length of 1 (#438) (2ff7852)
  • package.json & package-lock.json to reduce vulnerabilities (#433) (cf47248)
  • package.json & package-lock.json to reduce vulnerabilities (#434) (8814919)
  • package.json & package-lock.json to reduce vulnerabilities (#436) (2dc846c)

  Miscellaneous

  • remove node 10 from ci (#435) (a7db466)
  • remove support for 0.3 events (#425) (2bd9a5a)
  • update eslint and prettier dependencies (#424) (061c122)
  • use git submodules for conformance tests (#427) (2118488)
• 4.0.3 - 2021-07-06
  

  Bug Fixes

  • do not modify incoming event's specversion (#419) (22e42dd)
  • do not modify incoming event's specversion (#419) (7c05ade)
  • throw on validation if extensions are improperly named (#420) (7f6b658)

  Miscellaneous

  • add copyrights header and lint rules (#418) (80d987c)
  • add Lance Ball to maintainers in package.json (#411) (d68b85a)
  • be more forgiving parsing JSON as a string (#417) (db4be6b)
• 4.0.2 - 2021-04-23
  

  Bug Fixes

  • defaults properly handled for emitterFor() (#399) (0f11b02)
  • ensure loose validation for isEvent and toEvent (#394) (efe466a)
  • examples/typescript-ex/package.json to reduce vulnerabilities (#395) (d359355)

  Documentation

  • fix 'npm run generate-docs' (#398) (447252e)

  Miscellaneous

  • add markdown linter (#403) (fea5ac2)
  • externalize remark-lint config (#406) (192c6a3)
  • remove @ types/axios and add axios in dev (#408) (a0009f6)
  • remove standard-version (#402) (edd3c7f)
  • tweak PR template (#407) (26ceb90)
  • update CI workflow to include Node.js 14.x (#404) (cc43f3b)
  • update codacy badges (#409) (66f0b42)
• 4.0.1 - 2021-03-23
• 4.0.0 - 2020-12-11
• 3.2.0 - 2020-09-11

from cloudevents GitHub release notes

Commit messages

Package name: cloudevents

• a512aad chore: release 6.0.1 (#485)
• c0b1f77 chore: update dependencies to inlude ajv-formats (#484)
• 0164f72 chore: release 6.0.0 (#482)
• 4ab6356 docs: update readme to include http builtin transport (#483)
• 0362a4f feat!: add http transport and remove axios (#481)
• b4d7aa9 chore: add an npm test:once script (#480)
• 6204805 chore: update package.json format and deps (#479)
• ae8cb96 doc: update maintainers in README.md (#478)
• c420da4 chore: update the release documentation (#476)
• b13bde9 feat: precompile cloudevent schema (#471)
• 4d8f03f build(deps): bump follow-redirects from 1.14.7 to 1.14.8 (#473)
• 9046b36 chore: release 5.3.2 (#470)
• c3d9f39 chore: bump typedoc to remove vuln (#472)
• b5c0b56 fix: use `isolatedModules: true` in tsconfig.json (#469)
• f36a1f0 chore: release 5.3.1 (#466)
• cd4dea9 fix: improve binary data detection in HTTP transport (#468)
• 8abbc11 chore: update readme with current Node LTS versions and add Node 16 to the testing matrix(#465)
• 349b84c docs: fix ts example (#467)
• c603831 docs: add TS examples for CloudEvent usage (#461)
• ae8fa79 fix: package.json & package-lock.json to reduce vulnerabilities (#462)
• 225836f build(deps): bump follow-redirects from 1.14.6 to 1.14.7 (#460)
• 98009d9 chore: release 5.3.0 (#458)
• 591d133 feat: add MQTT transport messaging (#459)
• 5d1f744 feat: add support for kafka transport (#455)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs