[Snyk] Upgrade: argon2, better-sqlite3, clamscan, dompurify, express, express-rate-limit, express-session, image-size, jsdom #27
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
argon2
from 0.31.2 to 0.40.3 | 6 versions ahead of your current version | 3 months ago
on 2024-05-25
better-sqlite3
from 9.2.2 to 9.6.0 | 9 versions ahead of your current version | 4 months ago
on 2024-04-26
clamscan
from 2.1.2 to 2.3.1 | 6 versions ahead of your current version | 2 months ago
on 2024-07-23
dompurify
from 3.0.6 to 3.1.6 | 12 versions ahead of your current version | 2 months ago
on 2024-07-05
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 5 months ago
on 2024-03-25
express-rate-limit
from 7.1.5 to 7.4.0 | 4 versions ahead of your current version | 2 months ago
on 2024-07-23
express-session
from 1.17.3 to 1.18.0 | 1 version ahead of your current version | 7 months ago
on 2024-01-28
image-size
from 1.0.2 to 1.1.1 | 2 versions ahead of your current version | 8 months ago
on 2024-01-02
jsdom
from 23.0.1 to 23.2.0 | 2 versions ahead of your current version | 8 months ago
on 2024-01-07
Issues fixed by the recommended upgrade:
SNYK-JS-WS-7266574
SNYK-JS-DOMPURIFY-6474511
SNYK-JS-EXPRESS-6474509
SNYK-JS-TAR-6476909
SNYK-JS-INFLIGHT-6095116
Release notes
Package name: argon2
Fix issue with publishing tags starting with v
Note: this is the last version that will support Node 16 since it's support has ended on 2023-09-11. Please upgrade to 18 or preferably 20 as soon as possible.
What's Changed
New Contributors
Full Changelog: v0.31.1...v0.31.2
Package name: better-sqlite3
What's Changed
v30
prebuilds by @ m4heshd in #1175Full Changelog: v9.5.0...v9.6.0
What's Changed
Full Changelog: v9.4.5...v9.5.0
Fixed pre-built binaries for some platforms. (#1168)
Full Changelog: v9.4.4...v9.4.5
What's Changed
New Contributors
Full Changelog: v9.4.3...v9.4.4
What's Changed
v29
by @ m4heshd in #1148Full Changelog: v9.4.2...v9.4.3
NOTE: Electron v29 prebuilds are broken in this release.
We'll get a new release out as soon as we can.
What's Changed
v29
prebuilds by @ m4heshd in #1147Full Changelog: v9.4.1...v9.4.2
What's Changed
arm
based macOS builds natively by @ m4heshd in #1135arm64
prebuilds by @ m4heshd in #1141Full Changelog: v9.4.0...v9.4.1
What's Changed
Full Changelog: v9.3.0...v9.4.0
What's Changed
Full Changelog: v9.2.2...v9.3.0
This is identical to v9.2.1, but GitHub Actions failed to fully publish the binaries due to a network error, and failed to re-run the build job.
Package name: clamscan
Bug Fixes
Bug Fixes
scanDir
(and others) was unnecessarily stripping multiple spaces in a file name. Fixes #126find
. This was fixed by using a pure JS method of finding files in a directory recursively (and not). Fixes #126Enhancements
scanDir
now provides additional feedback in the form ofnumGoodFiles
. This is a compromise created in lieu of the potentially dangerous alternative of providing all clean files scanned (which could be millions in some cases). This value is available in callback and promise-style APIs.multiscan
... Before, single-threaded scanning was using theSCAN
command; now it's using theCONTSCAN
command so that all files are scanned.Other
Full Changelog: v2.2.3...v2.3.0
Bug Fixes
scanStream
(#127).Bug Fixes
Fixes
Other
Merges:
Other
Thanks to all that reported issues and contributed fixes!
Fixes Vulnerabilities
Package name: dompurify
bower.js
, thanks @ HakumenNCisNaN
checks, thanks @ tulachnodeType
property, thanks @ ssi02014Package name: express
What's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors
Full Changelog: 4.18.2...4.18.3
Package name: express-rate-limit
You can view the changelog here.
Fixed
creationStack
validation check when a storewith
localKeys
set to false is used.creationStack
check.You can view the full changelog here.
Added
unsharedStore
validation check that identifies cases where asingle store instance is shared across multiple limiters.
You can view the full changelog here.
Added
creationStack
validation check that looks for instances createdin a request handler.
You can view the full changelog here.
Fixed
async
requestWasSuccessful
methods to work as documented.You can view the full changelog here.
Package name: express-session
partitioned
tocookie
optionspriority
tocookie
optionssecret
thatcrypto.createHmac
supportsexpires
option to reject invalid datesPackage name: image-size
1.1.1
This release adds support for KTX2.0, and AVIF/HEIC/HEIF images.
Changes
1.0.2
Package name: jsdom
This release switches our CSS selector engine from
nwsapi
to@ asamuzakjp/dom-selector
. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up
@ asamuzakjp/dom-selector
is appreciated, and feel free to open an issue if this has had a significant impact on your project.ElementInternals
, including theshadowRoot
getter and the string-valued ARIA properties. (zjffun)Element
.history.pushState()
andhistory.replaceState()
to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible.input.valueAsANumber
setter to handleNaN
correctly. ...