[Snyk] Upgrade cloudinary from 1.32.0 to 1.41.0 #1

Open
wants to merge 1 commit into
base: main

mytamDo (Owner) commented Dec 21, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade cloudinary from 1.32.0 to 1.41.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2023-09-26.

The recommended version fixes:

| Issue | Priority Score (*) | Exploit Maturity |
| --- | --- | --- |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (SNYK-JS-VM2-5537079) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| Sandbox Bypass (SNYK-JS-VM2-5537100) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| Remote Code Execution (RCE) (SNYK-JS-VM2-5772823) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| Sandbox Escape (SNYK-JS-VM2-5415299) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| Sandbox Escape (SNYK-JS-VM2-5422057) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| Improper Handling of Exceptional Conditions (SNYK-JS-VM2-5426093) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | No Known Exploit |
| Remote Code Execution (RCE) (SNYK-JS-VM2-5772825) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: cloudinary
  • 1.41.0 - 2023-09-26
    • fix: improved calculation of the signature in url
    • fix: improved ResourceApiResponse interface
    • fix: fetch overlay video creates correct transformation
    • feat: added support for on_success script for uploader_spec.js
  • 1.40.0 - 2023-07-31
    • feat: visual search api
    • fix: adding clear_invalid only when not null
  • 1.39.0 - 2023-07-24
    • feat: basic asset relations api
  • 1.38.0 - 2023-07-20
    • feat: new method to_url added to support cached search feature
  • 1.37.3 - 2023-06-26
    • fix: native http agent used instead of an external dependency
  • 1.37.2 - 2023-06-19
    • chore: bumped npm override for vm2 to latest
  • 1.37.1 - 2023-06-09
    • chore: removing ts installed with dtslint to prevent fails on older node.js
    • fix: only explicit require used
    • fix: upgrade core-js from 3.30.1 to 3.30.2
  • 1.37.0 - 2023-05-16
    • feat: exposing structured metadata rules api
  • 1.36.4 - 2023-05-02
    • fix: isRemoteUrl check improved to reduce false positives
  • 1.36.3 - 2023-05-02
  • 1.36.2 - 2023-04-24
  • 1.36.1 - 2023-04-13
  • 1.36.0 - 2023-04-13
  • 1.35.0 - 2023-03-03
  • 1.34.0 - 2023-02-13
  • 1.33.0 - 2022-12-15
  • 1.32.0 - 2022-09-14
from cloudinary GitHub release notes
Commit messages
Package name: cloudinary
  • 4d22af7 Version 1.41.0
  • 4a805ef Merge pull request #631 from cloudinary/fix-url-signing-with-encoded-chars
  • 47e4eed Merge pull request #630 from cloudinary/fix-resource-api-response-interface
  • d78b737 fix: polifilled replaceAll
  • 28667f8 fix: fixed tests to be consistent with other sdks
  • 3b99d45 fix: fixed tests to be consistent with other sdks
  • d22abf2 chore: better interface naming
  • af74827 fix: make tests consistent with python sdk
  • 7e23f76 fix: improved calculation of the signature in url
  • ec0243e fix: improved ResourceApiResponse interface
  • 96d30de fix: improved ResourceApiResponse interface
  • 1b5be87 Merge pull request #629 from cloudinary/fetch-overlay-video-bug
  • 0163f36 chore: clean up commented code
  • b8396ef chore: clean up commented code
  • a282075 fix: fetch overlay video creates correct transformation
  • f4d7ebf Merge pull request #625 from cloudinary/on-success-script-for-upload
  • a367036 feat: added support for on_success script for uploader_spec.js
  • 242ac45 Version 1.40.0
  • 1b8e2a0 Merge pull request #623 from cloudinary/visual-search
  • ee9ad78 feat: visual search api
  • 16854d4 Merge pull request #622 from cloudinary/fix-clear-invalid-added-to-request
  • 4407b30 fix: adding clear_invalid only when not null
  • f5d4fed Version 1.39.0
  • 48586e3 Merge pull request #621 from cloudinary/basic-asset-relations-api


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

vercel bot commented Dec 21, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| atbmhttt-ssrf-web-demo | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Dec 21, 2023 3:13pm |
| fbfood-is335-demo | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Dec 21, 2023 3:13pm |
