[Snyk] Security upgrade @kubernetes/client-node from 0.15.1 to 0.19.0

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	125/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @kubernetes/client-node

• 0.19.0 - 2023-09-17
  

  Release 0.19.0

  • Support for Kubernetes 1.27 APIs
  • Small bug fixes
  • Many dependencies updated
• 0.18.1 - 2023-01-21
  

  Updates to Kubernetes 1.25

• 0.18.0 - 2022-12-15
  

  Bumps mocha and @ types/mocha. These dependencies needed to be updated together.

  Updates mocha from 10.1.0 to 10.2.0

  • Release notes
  • Changelog
  • Commits

  Updates @ types/mocha from 5.2.7 to 10.0.1

  • Release notes
  • Commits

  ---

  updated-dependencies:

  • dependency-name: mocha
    dependency-type: direct:development
    update-type: version-update:semver-minor
  • dependency-name: "@ types/mocha"
    dependency-type: direct:development
    update-type: version-update:semver-major
    ...

  Signed-off-by: dependabot[bot] [email protected]

  Signed-off-by: dependabot[bot] [email protected]
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@ users.noreply.github.com>

• 0.17.1 - 2022-09-11
  

  update package-lock

• 0.17.0 - 2022-06-27
  

  …cret

  Support to refresh the tokens correctly when client-secret is set empty

• 0.16.3 - 2022-02-09
  

  Changes relative to 0.15.x

  • Support for Kubernetes 1.22.x
  • Bug fix to support IntOrString types
  • Add List method to generic types API
  • Bug fix in Azure Auth
• 0.16.2 - 2022-01-19
  

  Update to 0.16.2

• 0.16.1 - 2021-11-19
  

  Update typescript open API generator to handle the IntOrString type

• 0.16.0 - 2021-11-12
• 0.15.1 - 2021-08-17

from @kubernetes/client-node GitHub release notes

Commit messages

Package name: @kubernetes/client-node

The new version differs by 250 commits.

• e5b15c3 Fix a version update that I missed. (RELEASE snyk/kubernetes-monitor#1267)
• ae50c03 Merge pull request allow snyk-monitor to run on arm64 snyk/kubernetes-monitor#1266 from brendandburns/release
• cbf1f98 Update for release 0.19.0
• 9cf0df0 Merge pull request [CIT-75] Add optional service acc token env var snyk/kubernetes-monitor#1265 from kubernetes-client/automated-generate-9997ce52
• f6f83d0 Automated openapi generation from release-1.27
• c0dcf54 Update generate-javascript.yml
• fabb4a3 Update generate-javascript.yml
• b5f5259 Update generate-javascript.yml
• ba985e5 Merge pull request RELEASE snyk/kubernetes-monitor#1254 from Ananya2001-an/refactor-examples
• 5864449 build(deps-dev): bump @ types/tar from 6.1.5 to 6.1.6 (feat: make network resource monitoring configurable snyk/kubernetes-monitor#1264)
• 78c4c65 Merge branch 'kubernetes-client:master' into refactor-examples
• c52503f Merge pull request [CIT-112] test: update system tests to check for auth header existence snyk/kubernetes-monitor#1261 from kubernetes-client/dependabot/npm_and_yarn/ws-8.14.1
• e57f6a7 build(deps): bump ws from 8.14.0 to 8.14.1
• cfbd8a8 Merge pull request RELEASE snyk/kubernetes-monitor#1260 from kubernetes-client/dependabot/npm_and_yarn/openid-client-5.5.0
• 62eff2a Merge pull request feat: INST-265 Scrape Service and Ingress by kubernetes-monitor snyk/kubernetes-monitor#1255 from pfarkya/multiClient
• bc99861 build(deps): bump @ types/node from 20.5.9 to 20.6.0 (RELEASE snyk/kubernetes-monitor#1259)
• 1cd2d26 build(deps): bump openid-client from 5.4.3 to 5.5.0
• fbcf074 FEAT: Adding support for multiple client
• f6f0465 chore: add kubectl equivalent examples
• edc3e40 Merge pull request [CIT-75] test: use unique cluster name in integration tests snyk/kubernetes-monitor#1251 from kubernetes-client/dependabot/npm_and_yarn/ws-8.14.0
• 435d9b3 Merge pull request [CIT-78] fix: fix vulns in gcloud-sdk acr-env and node snyk/kubernetes-monitor#1249 from kubernetes-client/dependabot/npm_and_yarn/tar-6.2.0
• a571e95 build(deps): bump ws from 8.13.0 to 8.14.0
• ab75d29 build(deps): bump tar from 6.1.15 to 6.2.0
• 6d5e2f9 Merge pull request Fix/log validation failure snyk/kubernetes-monitor#1247 from kubernetes-client/dependabot/github_actions/actions/checkout-4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.