Skip to content
This repository was archived by the owner on Mar 13, 2025. It is now read-only.

[Snyk] Upgrade dynamoose from 2.3.0 to 2.8.2 #59

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Upgrade dynamoose from 2.3.0 to 2.8.2 #59

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade dynamoose from 2.3.0 to 2.8.2.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-09-21.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-AWSSDK-1059424		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-DYNAMOOSE-1070792		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dynamoose
  • 2.8.2 - 2021-09-21

    Version 2.8.2

    This release fixes a few major bugs.

    Please comment or contact me if you have any questions about this release.

    Bug Fixes

    • Fixed bug where Model initialization would fail if waitForActive: true
    • Fixing multiple bugs where objects passed into Dynamoose functions would be mutated

    Documentation

    • Added FAQ about empty arrays or objects
    • Improved schema index documentation
    • Improving Scan.startAt & Query.startAt example in documentation
    • Fixing issue where \n appeared in schema attribute type documentation appeared instead of new line
  • 2.8.1 - 2021-08-21

    Version 2.8.1

    This release includes a few critical bug fixes.

    Please comment or contact me if you have any questions about this release.

    Bug Fixes

    • Fix issue where query would fail with Index can't be found for query error when querying table itself
    • Resolve issue where Model.update would fail if beginning of attribute was identical to another attribute and marked as required
    • Fix issue in TypeScript where you couldn't pass a number value in for a key parameter
    • Resolved bug where passing a string or number in for Model.update key parameter would throw error
  • 2.8.0 - 2021-08-14

    Version 2.8.0

    This release contains general stability improvements to Dynamoose.

    Please comment or contact me if you have any questions about this release.

    General

    • New returnValues settings property for Model.update
    • Allowing waitForActive model setting to be a boolean

    Bug Fixes

    • Improvements to index selection when querying without using method
    • Including saveUnknown properties when using Model.update
    • Allowing for strings to be passed into Query.sort method when using TypeScript
    • Removing internal cache to improve memory usage
    • Improving performance when working with Buffers

    Documentation

    • Model default settings documentation fixes
  • 2.7.3 - 2021-03-17

    Version 2.7.3

    This release moves internal Dynamoose object utilities to a different package.

    Please comment or contact me if you have any questions about this release.

    Other

    • Moving internal object utilities to different package
  • 2.7.2 - 2021-03-14

    Version 2.7.2

    This release fixes a bug related to the return value of document.save and Model.create, and more.

    Please comment or contact me if you have any questions about this release.

    Bug Fixes

    • document.save & Model.create now return the document saved to DynamoDB
    • Type messages now display null when passing in a invalid type null value as opposed to the previous object

    Other

    • Added some more TypeScript tests
  • 2.7.1 - 2021-03-11

    Version 2.7.1

    This release has a lot of bug fixes for Dynamoose.

    Please comment or contact me if you have any questions about this release.

    Bug Fixes

    • Fixing issue where with required check failing for non updating properties when using $DELETE in Model.delete
    • Prioritizing indexes with range key when querying
    • Improvements to type and schema matching for nested properties
    • Fixing issue where retrieving previously created model would ignore prefix and suffix
    • Fixing TypeScript issues with nested models
    • Fixing issue where nested models would auto-populate
    • Fixing issues with nested models within nested elements

    Documentation

    • Making saveUnknown more clear in documentation

    Other

    • Added warning when passing in undefined into Conditional
  • 2.7.0 - 2021-02-06

    Version 2.7.0

    This release patches a 🚨 security vulnerability 🚨.

    Please comment or contact me if you have any questions about this release.

    General

    Bug Fixes

    • Fixed a bug related to update setting being true for model with index
  • 2.6.0 - 2021-01-31
  • 2.5.0 - 2020-12-13
  • 2.4.1 - 2020-11-26
  • 2.4.0 - 2020-11-22
  • 2.3.0 - 2020-07-28
from dynamoose GitHub release notes
Commit messages
Package name: dynamoose
  • 687435b Merge pull request #1273 from dynamoose/version/2.8.2
  • 354c387 Adding changelog for 2.8.2
  • 41b2292 Updating README to 2.8.2
  • cdf4da8 Bumping version to 2.8.2
  • 0e6556f Merge pull request #1271 from dynamoose/waitForActiveBooleanFix
  • 14f3de9 Merge branch 'master' into waitForActiveBooleanFix
  • 2c57286 Merge pull request #1272 from dynamoose/continueOnErrorCoveralls
  • f534406 Adding continue-on-error: true for Coveralls jobs
  • 3b7124f Disabling broken test
  • c00201a Trying to fix bug where it would hang when waitForActive = true
  • d6fe253 Merge pull request #1267 from dynamoose/publishUpdatePackageLockCorrectly
  • 3005533 Trying to fix package-lock publish version update
  • bf25e9e Updating fileContentsJSON[""].version when publishing
  • a3e15da Merge pull request #1266 from MukulKolpe/docs
  • f7ab204 Removing space before <br/> in Schema docs
  • 8617723 fix: replaced \n with line break in Schema
  • b8d703c Merge pull request #1261 from andrewda/fix-date-test
  • ffcb006 Fix date test instability
  • 334cc4a Merge pull request #1258 from andrewda/deep-copy
  • 483706d Using better solution to deep_copy class instances
  • c8eab5d Update tests
  • f0a900f Merge branch 'master' into deep-copy
  • 54d70f4 Fixing lint errors
  • 6d2ccfe Using custom deep_copy method

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot