@netcode netcode commented Jan 9, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| low severity | 461/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: method-override The new version differs by 19 commits.

See the full diff

Package name: mongoose The new version differs by 250 commits.
  • d4f507f chore: release 5.2.6
  • 7eac18c style: fix lint
  • e47b669 fix(populate): make error reported when no `localField` specified catchable
  • 1e27f09 test(populate): repro #6767
  • 2b5e18a fix(query): upgrade mquery for readConcern() helper
  • 2bf81e7 test: try skipping in before()
  • d5b43da test: more test fixes re: #6754
  • e91d404 test(transactions): skip nested suite if parent suite skipped
  • 22c6c33 fix(query): propagate top-level session down to `populate()`
  • 0f24449 test(query): repro #6754
  • bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
  • f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
  • 4071de4 Merge pull request #6771 from Automattic/gh6750
  • 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
  • 695cb6f test(document): repro #6779
  • 0ca947e docs(document): add missing params for `toObject()`
  • b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
  • 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
  • 451c50e test: add quick spot check for webpack build
  • a0aaa82 Merge branch 'master' into gh6750
  • 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
  • 28621a5 test(document): repro #6754
  • 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
  • 42ddc42 test(connection): repro #6756

See the full diff

Package name: nodemailer The new version differs by 121 commits.
  • eaef3b5 Merge pull request #719 from nodemailer/v3.0.0
  • de5b6f6 updated license
  • 652ad8e Do not use PRO in name
  • 6218b8d Setup files for EUPL licensed v3.0.0
  • a108bc1 bumped mailcomposer
  • e1da543 v2.7.1
  • 3663c79 updated readme
  • 9314fcd Merge branch 'master' of github.com:nodemailer/nodemailer
  • 17c7702 v2.7.0
  • 5e22dad Merge pull request #685 from vijay22sai/fix-readme-typo
  • adb8bd0 Fix a typo in README
  • ee795f7 Merge pull request #676 from sadika9/patch-1
  • 9eddf01 Fix typo
  • dadeb9f Merge pull request #675 from killmenot/patch-1
  • 88a5cc2 added a link to nodemailer trap plugin
  • 0ca29c4 Merge pull request #674 from ekryski/patch-1
  • f1cb087 Adding mailgun transport link
  • 9b55bbe Merge pull request #672 from niftylettuce/master
  • d9e4e43 Added reference to newly published nodemailer-base64-to-s3
  • 06af6d2 updated package.json
  • a1d65e1 updated package.json
  • 125e3f6 updated package.json
  • 35bb998 updated package.json
  • 829ccf1 Update README.md

See the full diff

Package name: phantom-render-stream The new version differs by 13 commits.
  • be7ec63 2.0.0
  • f4074df Update HISTORY.md
  • ff287b1 Merge pull request #93 from joelmukuthu/master
  • 37729cc Added a section for the 2.0.0 release
  • c59949b Trimmed trailing whitespace and extra lines breaks
  • 22a9069 Bumped 'phantomjs-prebuilt' to 2.1.4 and set a caret version range for it
  • 267206a Update HISTORY.md
  • 536e47f s/phantomjs/PhantomJS in the README
  • cd033bf Updated references of 'phantomjs' to 'phantomjs-prebuilt'
  • a2adcee Renamed 'phantomjs' dependency to 'phantomjs-prebuilt'
  • 1c8fa11 Updated phantomjs dependency to 2.1.x
  • 64df47e Merge pull request #87 from markstos/patch-1
  • 8f2b408 Fix doc-bug: the document default value of maxRenders was out of sync with the current code.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433