
[Snyk] Upgrade: apollo-server-core, apollo-server, apollo-server-fastify, @a11ywatch/protos, @a11ywatch/website-source-builder, @grpc/grpc-js, @grpc/proto-loader, cron, date-fns, exceljs, fastq, fastify, graphql, graphql-middleware, ioredis, graphql-redis-subscriptions, graphql-ws, mongodb, node-iframe, nodemailer, ws #433

Open: wants to merge 1 commit into base branch main

Conversation

j-mendez
Contributor


Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Ahead of current version | Released on |
| --- | --- | --- | --- |
| apollo-server-core | from 3.12.0 to 3.13.0 | 2 versions | 2023-11-14 (10 months ago) |
| apollo-server | from 3.12.0 to 3.13.0 | 2 versions | 2023-11-14 (10 months ago) |
| apollo-server-fastify | from 3.12.0 to 3.13.0 | 2 versions | 2023-11-14 (10 months ago) |
| @a11ywatch/protos | from 0.4.7 to 0.4.8 | 1 version | 2024-03-03 (6 months ago) |
| @a11ywatch/website-source-builder | from 0.1.14 to 0.1.15 | 1 version | 2024-03-23 (6 months ago) |
| @grpc/grpc-js | from 1.10.3 to 1.11.1 | 10 versions | 2024-07-16 (2 months ago) |
| @grpc/proto-loader | from 0.7.7 to 0.7.13 | 7 versions | 2024-05-01 (4 months ago) |
| cron | from 2.3.0 to 2.4.4 | 6 versions | 2023-09-25 (a year ago) |
| date-fns | from 2.29.3 to 2.30.0 | 1 version | 2023-04-30 (a year ago) |
| exceljs | from 4.3.0 to 4.4.0 | 1 version | 2023-10-19 (a year ago) |
| fastq | from 1.15.0 to 1.17.1 | 3 versions | 2024-02-05 (7 months ago) |
| fastify | from 3.29.4 to 3.29.5 | 1 version | 2023-01-21 (2 years ago) |
| graphql | from 15.8.0 to 15.9.0 | 1 version | 2024-06-21 (3 months ago) |
| graphql-middleware | from 6.1.33 to 6.1.35 | 2 versions | 2023-07-07 (a year ago) |
| ioredis | from 5.3.2 to 5.4.1 | 2 versions | 2024-04-17 (5 months ago) |
| graphql-redis-subscriptions | from 2.6.0 to 2.6.1 | 1 version | 2024-05-02 (4 months ago) |
| graphql-ws | from 5.13.1 to 5.16.0 | 6 versions | 2024-03-27 (6 months ago) |
| mongodb | from 5.5.0 to 5.9.2 | 9 versions | 2023-12-05 (9 months ago) |
| node-iframe | from 1.9.4 to 1.10.0 | 1 version | 2024-02-09 (7 months ago) |
| nodemailer | from 6.8.0 to 6.9.14 | 15 versions | 2024-06-19 (3 months ago) |
| ws | from 8.13.0 to 8.18.0 | 9 versions | 2024-07-03 (2 months ago) |

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high | Asymmetric Resource Consumption (Amplification) | SNYK-JS-BODYPARSER-7926860 | 176 | No Known Exploit |
| high | Asymmetric Resource Consumption (Amplification) | SNYK-JS-BODYPARSER-7926860 | 176 | No Known Exploit |
| high | Denial of Service (DoS) | SNYK-JS-WS-7266574 | 176 | Proof of Concept |
| high | Improper Input Validation | SNYK-JS-FOLLOWREDIRECTS-6141137 | 176 | Proof of Concept |
| medium | Arbitrary File Write via Archive Extraction (Zip Slip) | SNYK-JS-JSZIP-3188562 | 176 | No Known Exploit |
| medium | Information Exposure | SNYK-JS-MONGODB-5871303 | 176 | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-NODEMAILER-6219989 | 176 | Proof of Concept |
| medium | Open Redirect | SNYK-JS-EXPRESS-6474509 | 176 | No Known Exploit |
| medium | Cross-site Scripting | SNYK-JS-EXPRESS-7926867 | 176 | No Known Exploit |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-6444610 | 176 | Proof of Concept |
| medium | Uncontrolled Resource Consumption | SNYK-JS-GRPCGRPCJS-7242922 | 176 | No Known Exploit |
| low | Cross-site Scripting | SNYK-JS-SEND-7926862 | 176 | No Known Exploit |
| low | Cross-site Scripting | SNYK-JS-SERVESTATIC-7926865 | 176 | No Known Exploit |
| low | Information Exposure | SNYK-JS-APOLLOSERVERCORE-5876618 | 176 | No Known Exploit |
Release notes
Package name: apollo-server-core
  • 3.13.0 - 2023-11-14
  • 3.12.1 - 2023-08-30
  • 3.12.0 - 2023-03-02
from apollo-server-core GitHub release notes
Package name: apollo-server
  • 3.13.0 - 2023-11-14
  • 3.12.1 - 2023-08-30
  • 3.12.0 - 2023-03-02
from apollo-server GitHub release notes
Package name: apollo-server-fastify
  • 3.13.0 - 2023-11-14
  • 3.12.1 - 2023-08-30
  • 3.12.0 - 2023-03-02
from apollo-server-fastify GitHub release notes
Package name: @a11ywatch/protos
  • 0.4.8 - 2024-03-03
  • 0.4.7 - 2023-02-17
from @a11ywatch/protos GitHub release notes
Package name: @grpc/grpc-js
  • 1.11.1 - 2024-07-16
    • Fixed an issue where building from source would sometimes fail (#304)
    • Added NodeJS 10 pre-built binaries (#302)
    • Added Electron 2 pre-built binaries (#291)
    • Added TypeScript type definitions for APIs added in v1.11.x (#306)
  • 1.11.0 - 2024-07-15

    @ grpc/proto-loader v0.1.0

    This is a new library for loading .proto files for use with gRPC using the latest version of Protobuf.js. The output of this package is intended to be loaded using the new loadPackageDefinition function in the grpc library.

    @ grpc/grpc-js v0.1.0

    This is the first alpha release of the new pure JavaScript implementation of gRPC. It implements the same API as the existing grpc library. Currently only the client is implemented, with the following functionality:

    • loadPackageDefinition
    • Unary and streaming calls
    • Cancellation
    • Deadlines
    • Metadata
    • Basic automatic reconnection logic
    • Channel and call credentials

    grpc v1.11.0

    Node changes:

    • Add client interceptors API (#59 contributed by @ drobertduke)
    • Add loadPackageDefintion function (#196)
    • Publish ARM64 binaries (#200)
    • Improve function type test in a client method (#204 contributed by @ arcana261)
    • Add details to UNIMPLEMENTED response status (#207 contributed by @ theogravity)
    • Add error handling for missing files when calling grpc.load (#228 contributed by @ cblair)
    • Fix error message in grpc.loadObject when failing to detect Protobuf.js version (#253 contributed by @ kellycampbell)
    • Remove -zdefs flag from binding.gyp to enable building on FreeBSD (#266)
  • 1.10.11 - 2024-07-10
  • 1.10.10 - 2024-06-24
  • 1.10.9 - 2024-06-10
  • 1.10.8 - 2024-05-15
  • 1.10.7 - 2024-05-01
  • 1.10.6 - 2024-04-03
  • 1.10.5 - 2024-04-01
  • 1.10.4 - 2024-03-26
  • 1.10.3 - 2024-03-15
from @grpc/grpc-js GitHub release notes
Package name: @grpc/proto-loader
  • 0.7.13 - 2024-05-01
  • 0.7.12 - 2024-03-28
  • 0.7.11 - 2024-03-26
  • 0.7.10 - 2023-09-18
  • 0.7.9 - 2023-08-23
  • 0.7.9-pre.1 - 2023-07-28
  • 0.7.8 - 2023-07-11
  • 0.7.7 - 2023-05-03
from @grpc/proto-loader GitHub release notes
Package name: cron
  • 2.4.4 - 2023-09-25

    2.4.4 (2023-09-25)

    🐛 Bug Fixes

  • 2.4.3 - 2023-08-26

    2.4.3 (2023-08-26)

    🐛 Bug Fixes

    • fix range parsing when upper limit = 0 (#687) (d96746f)

    🚨 Tests

  • 2.4.2 - 2023-08-26

    2.4.2 (2023-08-26)

    🐛 Bug Fixes

  • 2.4.1 - 2023-08-14

    2.4.1 (2023-08-14)

    🐛 Bug Fixes

    • replace loop timeout by max match date (#686) (c685c63)

    ⚙️ Continuous Integrations

  • 2.4.0 - 2023-07-24

    2.4.0 (2023-07-24)

    ✨ Features

    🐛 Bug Fixes

    • don't start job in setTime if it wasn't running (7e26c23)

    🛠 Builds

    • npm: ship type definitions with releases (0b663a8)

    🚨 Tests

    • add test case for #598 fix (4322ef2)
    • don't stop/start job before using setTime (f0d5d3f)

    ⚙️ Continuous Integrations

    • add support for beta & maintenance releases (#677) (c6fc842)
    • setup conventional commits & release automation (#673) (c6f39ff)

    ♻️ Chores

    • update default branch name (#678) (7471e95)
    • wrap setTime tests in describe and move down (31989e0)
  • 2.3.1 - 2023-05-25

    2.3.1 (2023-05-25)

    🐛 Bug Fixes

    • fix: don't start job in setTime if it wasn't running

    🚨 Tests

    • Update testing libraries for Node v19
    • add passing range test

    ♻️ Chores

    • add logo to README!
    • update usage wording in README
    • Eslint update to latest + lint fixes
  • 2.3.0 - 2023-03-16
from cron GitHub release notes
Package name: date-fns
  • 2.30.0 - 2023-04-30
  • 2.29.3 - 2022-09-13
from date-fns GitHub release notes
Package name: exceljs

Snyk has created this PR to upgrade:
  - apollo-server-core from 3.12.0 to 3.13.0.
    See this package in npm: https://www.npmjs.com/package/apollo-server-core
  - apollo-server from 3.12.0 to 3.13.0.
    See this package in npm: https://www.npmjs.com/package/apollo-server
  - apollo-server-fastify from 3.12.0 to 3.13.0.
    See this package in npm: https://www.npmjs.com/package/apollo-server-fastify
  - @a11ywatch/protos from 0.4.7 to 0.4.8.
    See this package in npm: https://www.npmjs.com/package/@a11ywatch/protos
  - @a11ywatch/website-source-builder from 0.1.14 to 0.1.15.
    See this package in npm: https://www.npmjs.com/package/@a11ywatch/website-source-builder
  - @grpc/grpc-js from 1.10.3 to 1.11.1.
    See this package in npm: https://www.npmjs.com/package/@grpc/grpc-js
  - @grpc/proto-loader from 0.7.7 to 0.7.13.
    See this package in npm: https://www.npmjs.com/package/@grpc/proto-loader
  - cron from 2.3.0 to 2.4.4.
    See this package in npm: https://www.npmjs.com/package/cron
  - date-fns from 2.29.3 to 2.30.0.
    See this package in npm: https://www.npmjs.com/package/date-fns
  - exceljs from 4.3.0 to 4.4.0.
    See this package in npm: https://www.npmjs.com/package/exceljs
  - fastq from 1.15.0 to 1.17.1.
    See this package in npm: https://www.npmjs.com/package/fastq
  - fastify from 3.29.4 to 3.29.5.
    See this package in npm: https://www.npmjs.com/package/fastify
  - graphql from 15.8.0 to 15.9.0.
    See this package in npm: https://www.npmjs.com/package/graphql
  - graphql-middleware from 6.1.33 to 6.1.35.
    See this package in npm: https://www.npmjs.com/package/graphql-middleware
  - ioredis from 5.3.2 to 5.4.1.
    See this package in npm: https://www.npmjs.com/package/ioredis
  - graphql-redis-subscriptions from 2.6.0 to 2.6.1.
    See this package in npm: https://www.npmjs.com/package/graphql-redis-subscriptions
  - graphql-ws from 5.13.1 to 5.16.0.
    See this package in npm: https://www.npmjs.com/package/graphql-ws
  - mongodb from 5.5.0 to 5.9.2.
    See this package in npm: https://www.npmjs.com/package/mongodb
  - node-iframe from 1.9.4 to 1.10.0.
    See this package in npm: https://www.npmjs.com/package/node-iframe
  - nodemailer from 6.8.0 to 6.9.14.
    See this package in npm: https://www.npmjs.com/package/nodemailer
  - ws from 8.13.0 to 8.18.0.
    See this package in npm: https://www.npmjs.com/package/ws

See this project in Snyk:
https://app.snyk.io/org/j-mendez/project/a856e7ec-3c81-4251-a6c3-1974682eed73?utm_source=github&utm_medium=referral&page=upgrade-pr