8000 [Snyk] Fix for 6 vulnerabilities by matthojo · Pull Request #61 · coinolio/coinolio · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[Snyk] Fix for 6 vulnerabilities #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 6 vulnerabilities #61

wants to merge 1 commit into from

Conversation

matthojo
Copy link
Collaborator

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASHSET-1320032		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 No Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 No Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		 No No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Prototype Pollution
npm:extend:20180424		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bcrypt The new version differs by 156 commits.
  • 2f124bd Fix artifact upload path
  • 10eacf5 Prepare v5.0.1
  • 6eacfe1 Merge pull request #856 from kelektiv/update-deps
  • feb477c Update node-pre-gyp to 1.0.0
  • 42c8b0c Merge pull request #852 from kelektiv/update-deps
  • bafefc3 Update packages
  • 7c5d8df Merge pull request #851 from recrsn/node-15-ci
  • 1ba55f9 Add Node 15 to CI
  • 19c06c1 Update Node version compatibility info
  • 09c 8000 b4fc Merge pull request #825 from dogon11/patch-1
  • 2821c03 Merge pull request #811 from techhead/use_buffers
  • 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
  • 984ef18 remove reference to $2y$ algo identifier
  • 630c897 fixes: #828
  • 0f93284 README.md typo fix
  • 4125ebc Update README.md
  • f503e57 Create SECURITY.md
  • f158e6e Allow optional use of Node Buffers.
  • 8866277 Deploy on any travis tag
  • 61139e6 v5.0.0
  • 1bde62c Update node-pre-gyp to 0.15.0
  • 40770d6 Add NodeJS 14 to appveyor CI
  • 5916a46 Merge pull request #807 from techhead/known_length
  • f28e916 Reword comment

See the full diff

Package name: express-jwt The new version differs by 15 commits.
  • c4de5de 6.1.1
  • 691fd6a Merge pull request #272 from ryanpcmcquen/prototype-pollution-vulnerability-fix
  • 551bf40 Fix prototype pollution vulnerability.
  • 354e1f8 6.1.0
  • 3db0e6b Merge pull request #265 from pipeline1987/master
  • 67bd3c4 upgrade express-unless dependency to v1.0.0
  • 5cf9b0b Merge pull request #236 from auth0/dependabot/npm_and_yarn/lodash-4.17.19
  • adf60bb Merge pull request #239 from auth0/update-changelog
  • ed743a8 Updated changelog
  • 61776e2 Bump lodash from 4.17.15 to 4.17.19
  • 5fb8c88 Merge pull request #234 from gkwang/update-readme
  • 43b7921 Update readme on 6.0.0 changes
  • 678f3b0 6.0.0
  • 7ecab5f Merge pull request from GHSA-6g6m-m6h5-w9gf
  • 304a1c5 Made algorithms mandatory

See the full diff

Package name: knex The new version differs by 250 commits.
  • ed0e8a5 Fix SQLite not doing rollback when altering columns fails (#4336)
  • 3c70dca Prepare 0.95.0 for release
  • c1ab23c Await asynchronous expect assertions (#4334)
  • 3e6176a SQLite parser improvements (#4333)
  • a98614d Made the constraint detection case-insensitive (#4330)
  • 5d2db21 Fix ArrayIfAlready type (#4331)
  • 887a4f6 Improve join and conflict types v2 (#4318)
  • 29b8a36 Adjust generateDdlCommands return type (#4326)
  • d807832 mssql: schema builder - attempt to drop default constraints when changing default value on columns (#4321)
  • c0d8c5c mssql: schema builder - add predictable constraint names for default values (#4319)
  • 5ec76f5 Convert produced statements to objects before querying (#4323)
  • 9e28a72 Add support for altering columns to SQLite (#4322)
  • 7db2d18 fix mssql alter column must have its own query (#4317)
  • 371864d Bump typescript from 4.1.5 to 4.2.2 (#4312)
  • 6c3e7b5 mssql: don't raise query-error twice (#4314)
  • 168f2af Bump eslint-config-prettier from 7.2.0 to 8.1.0 (#4315)
  • 3718d64 Respect KNEX_TEST, support omitting sqlite3 from DB, and reduce outside mssql test db config (#4313)
  • c58794b Prepare to release 0.95.0-next3
  • 61e1046 Avoid importing entire lodash to ensure tree-shaking is working correctly (#4302)
  • 8c73417 events: introduce queryContext on query-error (#4301)
  • b6fd941 Include 'name' property in MigratorConfig (#4300)
  • 9581100 Prepare to release 0.95.0-next2
  • 5614c18 Timestamp UTC Standardization for Migrations (#4245)
  • 4899346 Fix for ES Module detection using npm@7 (#4295) (#4296)

See the full diff

Package name: kue-scheduler The new version differs by 25 commits.

See the full diff

Package name: node-telegram-bot-api The new version differs by 105 commits.
  • 5385d41 feat: update to v0.64.0 version
  • 12d4d25 deps: Change request to @ cypress/request (#1145)
  • f17e801 docs: revokeChatInviteLink
  • 595cdbd feat: Telegram Bot API 6.8 support (#1113)
  • dfe24a4 docs: update api.md for setWebHook (fix #1083) (#1084)
  • 542002e feat: Telegram Bot API Support 6.6 + 6.7 [WIP] (#1069)
  • 2885db0 Merge pull request #1094 from kaiserdj/patch-1
  • ad2b8c2 docs: Update group link
  • 4ec6a68 docs: Update group link
  • ab0eb18 fix: Handle rejected when open a webhook in a port that was already in use
  • c4164a2 docs: Update README
  • 6077f9b docs: update api.md for createNewStickerSet (#1043)
  • 41f493b docs: update README.md (#1044)
  • 53b5565 fix: remove try catch in _fixAddFileThumb
  • 58261d1 feat: Telegram Bot API 6.4 Support (#1040)
  • 4ef4fe9 Update incorrect link in tutorials.md (#1027)
  • ab59286 feat: Telegram Bot API v6.3 (#1020)
  • 0eb8b80 fix: Parse entities when sending request (#1013)
  • ccdd146 docs: Fix readme with correct link to api docs
  • d853704 fix: Changelog
  • 22d99fd docs: update @ types install note (#999)
  • fe4afd6 feat: Support Bot API v6.2 (#996)
  • c9b05e7 feat: Support test enviroment (#994)
  • f50cf98 Hotfix: tests + modify order src/telegram + docs (#988)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matthojo @snyk-bot
0