[Snyk] Upgrade: , bcrypt, cloudinary, dotenv, express, express-fileupload, firebase, joi, jsonwebtoken, mongoose, nodemailer #63

Open
wants to merge 1 commit into
base: main

Abellache-Rabah
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @uploadcare/upload-client | from 6.6.1 to 6.14.1, 13 versions ahead of your current version | 6 months ago, on 2024-03-08 |
| bcrypt | from 5.0.1 to 5.1.1, 2 versions ahead of your current version | a year ago, on 2023-08-16 |
| cloudinary | from 1.37.3 to 1.41.3, 7 versions ahead of your current version | 8 months ago, on 2024-01-18 |
| dotenv | from 16.3.1 to 16.4.5, 7 versions ahead of your current version | 7 months ago, on 2024-02-20 |
| express | from 4.18.2 to 4.19.2, 4 versions ahead of your current version | 6 months ago, on 2024-03-25 |
| express-fileupload | from 1.4.0 to 1.5.1, 5 versions ahead of your current version | 2 months ago, on 2024-07-13 |
| firebase | from 10.0.0 to 10.13.0, 352 versions ahead of your current version | a month ago, on 2024-08-15 |
| joi | from 17.9.2 to 17.13.3, 13 versions ahead of your current version | 3 months ago, on 2024-06-19 |
| jsonwebtoken | from 9.0.0 to 9.0.2, 2 versions ahead of your current version | a year ago, on 2023-08-30 |
| mongoose | from 7.6.8 to 7.8.1, 8 versions ahead of your current version | 21 days ago, on 2024-08-19 |
| nodemailer | from 6.9.3 to 6.9.14, 11 versions ahead of your current version | 3 months ago, on 2024-06-19 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Prototype Pollution (SNYK-JS-PROTOBUFJS-5756498) | 519 | Proof of Concept |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-SEMVER-3247795) | 519 | Proof of Concept |
| medium severity: Open Redirect (SNYK-JS-EXPRESS-6474509) | 519 | No Known Exploit |
| medium severity: Uncontrolled Resource Consumption (SNYK-JS-GRPCGRPCJS-7242922) | 519 | No Known Exploit |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-NODEMAILER-6219989) | 519 | Proof of Concept |
| medium severity: Uncontrolled Resource Consumption ('Resource Exhaustion') (SNYK-JS-TAR-6476909) | 519 | Proof of Concept |

Release notes
Package name: @uploadcare/upload-client
  • 6.14.1 - 2024-03-08

    6.14.1 (2024-03-08)

  • 6.14.1-alpha.1 - 2024-02-27
  • 6.14.1-alpha.0 - 2024-02-27
  • 6.14.0 - 2024-02-15

    6.14.0 (2024-02-15)

    Features

    • New package @uploadcare/image-shrink to reduce image size in the browser. See docs here.
  • 6.13.0 - 2024-02-06

    6.13.0 (2024-02-06)

    Bug Fixes

    • upload-client/group: use body to send query parameters (#511) (16f36f7)

    Features

    • rest-client: export CancelError from the package (83f10c6)
  • 6.12.1 - 2024-01-12

    6.12.1 (2024-01-12)

    Bug Fixes

    • rest-client: send signed API requests with body in Firefox (#508) (6705984)
  • 6.12.0 - 2023-12-22

    6.12.0 (2023-12-22)

    Deprecations

    • UploadcareNetworkError is deprecated. Please use NetworkError instead.
    • UploadClientError is deprecated. Please use UploadError instead.

    Features

    • api-client-utils: add base class UploadcareError for the errors (766586a)
    • rest-client: export UploadcareError and RestClientError from the package module (6432653)
    • upload-client: export CancelError from the package (7adf799)
    • upload-client: rename UploadcareNetworkError export to the NetworkError. UploadcareNetworkError is deprecated but still exported. (62cc416)
    • upload-client: rename UploadClientError export to the UploadError. UploadClientError is deprecated but still exported. (7c03c3d)
  • 6.11.1 - 2023-12-19

    6.11.1 (2023-12-19)

    Bug Fixes

    • upload-client/react-native: update bundle path (#504) (a0668c4)
  • 6.11.0 - 2023-11-30

    6.11.0 (2023-11-15)

    Features

    • rest-client: add AWS Rekognition Moderation addon (67a01dc)
  • 6.10.0 - 2023-11-14

    6.10.0 (2023-11-14)

    Features

    • rest-client/convert: add saveInGroup option to document conversion method (#499) (50720b7)
  • 6.9.0 - 2023-11-14

    6.9.0 (2023-11-14)

    Features

    • rest-client: add Document Info endpoint (7f0c528)
  • 6.8.0 - 2023-10-30

    6.8.0 (2023-10-30)

    Bug Fixes

    • types: imageInfo.datetimeOriginal could be null or string (#489) (4a717e1)

    Features

    • upload-client: export isReadyPoll helper to wait for the file readiness (12cf9b1)
  • 6.7.0 - 2023-10-19
  • 6.6.1 - 2023-05-03
from @uploadcare/upload-client GitHub release notes
Package name: bcrypt
from bcrypt GitHub release notes
Package name: cloudinary
  • 1.41.3 - 2024-01-18
  • 1.41.2 - 2024-01-08
  • 1.41.1 - 2023-12-18
  • 1.41.0 - 2023-09-26
  • 1.40.0 - 2023-07-31
  • 1.39.0 - 2023-07-24
  • 1.38.0 - 2023-07-20
  • 1.37.3 - 2023-06-26
from cloudinary GitHub release notes
Package name: dotenv
from dotenv GitHub release notes
Package name: express
from express GitHub release notes
Package name: express-fileupload
  • 1.5.1 - 2024-07-13

    What's Changed

    • New option hashAlgorithm.

    Full Changelog: v1.5.0...v.1.5.1

  • 1.5.0 - 2024-03-14

    What's Changed

    • Ability to set custom logger for debug logging. See option logger.
    • Optimize upload timer.

    Full Changelog: v1.4.3...v.1.5.0

  • 1.4.3 - 2023-11-21

    What's Changed

    • TypeError - Cannot read properties of undefined (reading 'includes') in lib/isEligibleRequest.js (issue #364).

    Full Changelog: v1.4.2...v.1.4.3

  • 1.4.2 - 2023-11-01

    What's Changed

    • Fix TypeError: file.destroy is not a function (issue #259).
    • Stricter request method and headers checks (to comply with RFC 2046).
    • Do not run next after abortion on limit (issue #238).

    Full Changelog: v1.4.1...v.1.4.2

  • 1.4.1 - 2023-09-24

    What's Changed

    • Fix processing file names with special characters (issue #342).
    • Significantly decreased package size due using generated files for tests.
    • Update dependencies.

    Full Changelog: v1.4.0...v.1.4.1

  • 1.4.0 - 2022-05-24

    What's Changed

    New Contributors

    Full Changelog: v1.3.1...v1.4.0

from express-fileupload GitHub release notes
Package name: firebase
  • 10.13.0 - 2024-08-15
  • 10.13.0-canary.fa0ed08fb - 2024-08-21
  • 10.13.0-canary.f7c6dc4fe - 2024-08-15
  • 10.13.0-canary.c6a885181 - 2024-08-22
  • 10.13.0-canary.8a96f4f11 - 2024-08-20
  • 10.13.0-canary.62348e116 - 2024-08-20
  • 10.13.0-canary.5594ebc9f - 2024-08-23
  • 10.13.0-canary.4ff947408 - 2024-08-23
  • 10.13.0-canary.4c2c78b1f - 2024-08-22
  • 10.13.0-canary.2ee2a90ae - 2024-08-19
  • 10.13.0-canary.1ff9661af - 2024-08-20
  • 10.13.0-canary.12ba46ff4 - 2024-08-20
  • 10.13.0-canary.05c34c91e - 2024-08-19
  • 10.13.0-20240814182916 - 2024-08-14
  • 10.13.0-20240813205648 - 2024-08-13
  • 10.12.5 - 2024-08-01
  • 10.12.5-canary.e6b852562 - 2024-08-12
  • 10.12.5-canary.cfca9c66a - 2024-08-13
  • 10.12.5-canary.b4c5ef3c3 - 2024-08-01
  • 10.12.5-canary.6d6ce8100 - 2024-08-14
  • 10.12.5-canary.6b0ca77b2 - 2024-08-14
  • 10.12.5-canary.2ddbd4e49 - 2024-08-06
  • 10.12.5-canary.16015723b - 2024-08-08
  • 10.12.5-canary.08bb87b9f - 2024-08-06
  • 10.12.5-20240730204232 - 2024-07-30
  • 10.12.4 - 2024-07-19
  • 10.12.4-dataconnect-preview.d986d4bf2 - 2024-07-31
  • 10.12.4-canary.e542f1dbd - 2024-07-25
  • 10.12.4-canary.b9244a517 - 2024-07-24
  • 10.12.4-canary.b284467c1 - 2024-07-26
  • 10.12.4-canary.aef54687d - 2024-07-30
  • 10.12.4-canary.a9f844066 - 2024-07-26
  • 10.12.4-canary.6c3acf575 - 2024-07-30
  • 10.12.4-canary.6bb2e8931 - 2024-07-30
  • 10.12.4-canary.62661245f - 2024-07-25
  • 10.12.4-canary.46da0930c - 2024-07-24
  • 10.12.4-canary.3f2c12a07 - 2024-07-26
  • 10.12.4-canary.23581c6d9 - 2024-07-30
  • 10.12.4-canary.14b772077 - 2024-07-19
  • 10.12.4-20240716220314 - 2024-07-16
  • 10.12.3 - 2024-07-03
  • 10.12.3-canary.fd8bd4b02 - 2024-07-16
  • 10.12.3-canary.f58d48cd4 - 2024-07-16
  • 10.12.3-canary.d752e8096 - 2024-07-10
  • 10.12.3-canary.84fe88079 - 2024-07-10
  • 10.12.3-canary.52f8deb1d - 2024-07-03
  • 10.12.3-canary.4b4db85ff - 2024-07-15
  • 10.12.3-canary.1b9d95e5a - 2024-07-19
  • 10.12.3-canary.025f2a103 - 2024-07-18
  • 10.12.3-20240703135951 - 2024-07-03
  • 10.12.3-20240702143745 - 2024-07-02 ...

Snyk has created this PR to upgrade:
  - @uploadcare/upload-client from 6.6.1 to 6.14.1.
    See this package in npm: https://www.npmjs.com/package/@uploadcare/upload-client
  - bcrypt from 5.0.1 to 5.1.1.
    See this package in npm: https://www.npmjs.com/package/bcrypt
  - cloudinary from 1.37.3 to 1.41.3.
    See this package in npm: https://www.npmjs.com/package/cloudinary
  - dotenv from 16.3.1 to 16.4.5.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - express from 4.18.2 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - express-fileupload from 1.4.0 to 1.5.1.
    See this package in npm: https://www.npmjs.com/package/express-fileupload
  - firebase from 10.0.0 to 10.13.0.
    See this package in npm: https://www.npmjs.com/package/firebase
  - joi from 17.9.2 to 17.13.3.
    See this package in npm: https://www.npmjs.com/package/joi
  - jsonwebtoken from 9.0.0 to 9.0.2.
    See this package in npm: https://www.npmjs.com/package/jsonwebtoken
  - mongoose from 7.6.8 to 7.8.1.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - nodemailer from 6.9.3 to 6.9.14.
    See this package in npm: https://www.npmjs.com/package/nodemailer

See this project in Snyk:
https://app.snyk.io/org/rabah01abellache/project/1d5c5634-de88-4444-8f2d-ce2f9f553e17?utm_source=github&utm_medium=referral&page=upgrade-pr