[Snyk] Upgrade request-promise-native from 1.0.7 to 1.0.9

[snyk-bot]

Snyk has created this PR to upgrade request-promise-native from 1.0.7 to 1.0.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2020-07-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: request-promise-native

• 1.0.9 - 2020-07-22
  

  Version 1.0.9

• 1.0.8 - 2019-11-04
  No content.
• 1.0.7 - 2019-02-15
  No content.

from request-promise-native GitHub release notes

Commit messages

Package name: request-promise-native

• 578970f Version 1.0.9
• 8388f42 chore: bumped request-promise-core due to security vulnerability of lodash
• f53ac09 docs: reference to request deprecation and alternative libs
• 1165c4e Merge pull request #58 from shisama/readme-shows-deprecation
• 086632b docs: deprecated as well as request
• 6498be1 Version 1.0.8
• 3e8df67 Merge branch 'master' of https://github.com/request/request-promise-native
• 1592a31 chore: updated request-promise-core that updates lodash
• 171f3b5 Merge pull request #46 from tbjgolden/docs/clarify-es6-finally
• 239ce46 docs: es6+, finally

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[verygoodbot]

🍄 Trufflehog Scan

Secrets FOUND!

Show Output

~~~~~~~~~~~~~~~~~~~~~
Reason: Password in URL
Date: 2022-08-04 16:28:23
Hash: 58de4f35b91d5d8fe1a881cabb32f52c80584c60
Filepath: functions/checkr.js
Branch: origin/snyk-upgrade-54951cec074efb9765d89d60f13d035f
Commit: fix: upgrade request-promise-native from 1.0.7 to 1.0.9

Snyk has created this PR to upgrade request-promise-native from 1.0.7 to 1.0.9.

See this package in npm:
https://www.npmjs.com/package/request-promise-native

See this project in Snyk:
https://app.snyk.io/org/vgs/project/0c33d562-e607-4f72-9ceb-31ee01fd031c?utm_source=github&utm_medium=referral&page=upgrade-pr
http://${vgsUser}:${vgsPass}@${vgsTenant}.SANDBOX.verygoodproxy.io:8080`;

~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~
Reason: Password in URL
Date: 2022-08-04 16:28:23
Hash: 58de4f35b91d5d8fe1a881cabb32f52c80584c60
Filepath: functions/stripe.js
Branch: origin/snyk-upgrade-54951cec074efb9765d89d60f13d035f
Commit: fix: upgrade request-promise-native from 1.0.7 to 1.0.9

Snyk has created this PR to upgrade request-promise-native from 1.0.7 to 1.0.9.

See this package in npm:
https://www.npmjs.com/package/request-promise-native

See this project in Snyk:
https://app.snyk.io/org/vgs/project/0c33d562-e607-4f72-9ceb-31ee01fd031c?utm_source=github&utm_medium=referral&page=upgrade-pr
http://${vgsUser}:${vgsPass}@${vgsTenant}.SANDBOX.verygoodproxy.io:8080`;

~~~~~~~~~~~~~~~~~~~~~