Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #43

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-LODASH-567746
Yes Proof of Concept
Commit messages
Package name: knex The new version differs by 250 commits.
  • 40c80b3 release 0.11.0
  • 415d008 Prepare for 0.11.0
  • 8a303f1 Merge pull request #1342 from h0vhannes/mssql-conn-urls
  • 9903e7d Merge pull request #1372 from mdrmuhaimin/patch-1
  • 4d88e1d Update package.json to use latest node-postures
  • d990708 Merge pull request #1362 from wolfgang42/mssql-fixes
  • a7f609a mssql dialect: Fix integration tests that check for quoted wrappers.
  • aa3c1c2 mssql dialect: make createTableIfNotExists actually work.
  • 85403e8 Merge pull request #1343 from wubzz/bugfix/pool.ping_for_mssql
  • 14eca7a Fix MSSQL ping function, calling resource.request().query instead of resource.query.
  • 8e41a33 Add parse URL connection string tests for MSSQL
  • e49b0d4 Correct connection URL parsing for MSSQL
  • 1f09df8 Merge pull request #1296 from wubzz/default_pool_ping_fn_and_rollback_handler
  • a223858 Increase rollback timeout to 5secs
  • abfff60 Update documentation regarding default `ping` function.
  • fa12571 A default `ping` fn in default pool settings, and silently ignore errors when querying 'ROLLBACK' on a dead connection by using Promise.Timeout.
  • a104cc0 Merge pull request #1315 from wubzz/bugfix/missing_error_event_for_mysql2
  • bb9663f Merge pull request #1326 from wubzz/bugfix/renameCol_drops_default_value
  • d3b1fcc Fixed test, forgot ES6 is not supported in the test suite.
  • 0b45356 .renameColumn should not drop defaultValue or nullable state. Currently this happens for mysql. Fixes #933
  • 2fad6d1 Mysql2 should also listen to 'error' events.
  • b8c8572 Merge pull request #1313 from jurko-gospodnetic/code-cleanup
  • 34d9a76 Merge pull request #1269 from wubzz/bugfix/fix_valuesForUndefined_actual_query
  • e9ebf6f touch up wording in warning message about manually removing migration locks

See the full diff

Package name: objection The new version differs by 192 commits.
  • 1027cb9 v0.5.0
  • 86d55d9 update examples for objection 0.5.0
  • 6ca624e minor fixes
  • e8e4acd Merge pull request #148 from gitter-badger/gitter-badge
  • 6a1eb13 Add Gitter badge
  • 2874434 Merge pull request #142 from rafaljanicki/master
  • b1ffc1d Bumped up knex version
  • 066c6d1 Bumped up maximum knex version
  • 2612519 0.5.0-rc.5
  • 01e6498 0.5.0-rc.4
  • a5b4f4e fix #127
  • fd28e63 0.5.0-rc.3
  • b57a11e fix #124
  • 03949e7 add knex as a peerDependency so that compatibility can be assured
  • 0749cb1 remove some dead code
  • bb1c817 removing node 6 from travis for now. sqlite isn't updated to support it yet
  • 6be4858 0.5.0-rc.2
  • 5ed0e88 add alias option for joinRelation method. closes #121
  • 1d22fc4 add modify, options and columnInfo query builder methods. fixes #119
  • 10c654f add links to eager query blog post. closes #115
  • 9167176 add node 6 to travis config
  • 485ca3f fix babel build on pre 6 nodes
  • 5d006f2 change *Method to *Operation
  • a2a91f5 optimize babel build

See the full diff

Package name: request-promise The new version differs by 42 commits.
  • 21db39f Version 2.0.1
  • faaef8e updated dev dependencies
  • a847331 improved error output
  • 2373d58 Merge pull request #94 from ratson/master
  • 6b6f826 Update lodash to v4
  • 7174f7b Version 2.0.0
  • 9c454b5 feat: added node 5
  • 05b6314 Merge pull request #75 from hildjj/cls-depend
  • bf90827 As suggested in #70
  • ea0fd0c fix: specific jshint version for node 0.10 build
  • 791b920 Updated devDependencies
  • dbdeaba Version 1.0.2 (see issue #70)
  • 2552ed0 Corrected typos (issue #67)
  • e2d8dfa Reverted continuation-local-storage as peer dependency
  • ae5aa91 Version 1.0.1
  • 16fd16f continuation-local-storage as peer dependency to fix npm warning
  • 8823970 Documented missing braking change in v1.0.0
  • ca35c5f Version 1.0.0
  • ba7cf85 Adjusted test coverage measurement
  • d91340f Added comments
  • f31c36f Updated tests for examples
  • d6b5e84 Documented manual steps
  • f5201b0 Third part of fresh up
  • ff7c73e Second part of fresh up

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant