search

Alek-S / pseudozen

Online pseudocoder that makes pseudocoding as easy as it should be
Apache License 2.0
0 stars 0 forks source link

[Snyk] Fix for 2 vulnerabilities #31

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 No Proof of Concept
medium severity 673/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MONGOOSE-1086688		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose The new version differs by 250 commits.
  • 5549f26 chore: release 5.12.2
  • 4b1aaac Merge pull request #10050 from SoftwareSing/fix-bulkwrite-with-timestamps-false
  • 3759f34 chore: address CR comments
  • 5ffbb8e fix(query): apply schema-level `select` option from array schematypes
  • 7d19c9f test(query): repro #10029
  • 4b0052e fix(schema): support setting `ref` as an option on an array SchemaType
  • 171c31f test(schema): repro #10029
  • 96f7905 fix(index.d.ts): make query methods return `QueryWithHelpers` so query helpers pass through chaining
  • 04f880f fix(index.d.ts): add back `Aggregate#project()` types that were mistakenly removed in 5.12.0
  • 9a3a7b4 style: fix lint
  • 91f003a Merge pull request #10053 from 418sec/1-npm-mongoose
  • 3ed44ff Merge pull request #1 from zpbrent/patch-2
  • 00e059d fix(index.d.ts): add `upserted` array to `updateOne()`, `updateMany()`, `update()` result
  • 003e477 add missing issue number
  • 0101ab8 fix(bulkwrite): make bulkWrite can work with `timestamps: false`
  • 9559c46 test(bulkwrite): repro #10048
  • 1bb97ba chore: update opencollective sponsors
  • 5888269 docs(mongoose+browser): fix broken links to info about `mongoose.Types`
  • 43b0cfa Merge branch 'master' of github.com:Automattic/mongoose
  • 03905c5 fix(index.d.ts): always allow setting `type` in Schema to a SchemaType class or a Schema instance
  • 422620b Merge pull request #10015 from Automattic/gh-9982
  • 7b14258 test(QueryCursor): fix tests from #10015
  • f2651d7 docs(transactions): introduce `session.withTransaction()` before `session.startTransaction()` because `withTransaction()` is the recommended approach
  • 61d313b chore: update opencollective sponsor logo
See the full diff
Package name: snyk The new version differs by 250 commits.
  • 2bdd4f6 Merge pull request #1564 from snyk/feat/mod-cli-init
  • abd2b9e chore: add dev-release job to pipeline
  • 6340ee7 feat: experimental standalone protect package
  • 9c7b3df feat: initial modular cli
  • b2500d6 Merge pull request #1612 from snyk/fix/gradle-graceful-resolvable-configs
  • ef81907 fix: gradle graceful resolvable configs
  • 40e7136 Merge pull request #1601 from snyk/feat/iac-experimental-local-exec
  • f8bd3f3 feat: iac experimental single k8s file
  • 7775c04 Merge pull request #1595 from snyk/fix/iac-add-file-path
  • 5d6a548 Merge pull request #1606 from snyk/smoke/debug-docker-bundle-install
  • 9922197 test: cat snyk_latest API call to debug docker bundle install
  • 86f4609 Merge pull request #1600 from snyk/fix/flakey-fn-and-test
  • 2b211b9 fix: use sync fs method to avoid race condition
  • d00c437 Merge pull request #1603 from snyk/fix/more-than-one-line-with-jsondeps
  • a8dea5e fix: more than one line with jsondeps
  • c94a0a4 Merge pull request #1602 from snyk/fix/scanning-lock-due-of-unresolved-dependencies
  • 746251e fix: scanning lock due of unresolved deps
  • 88f9d9a fix: add full file path to output file for iac scan
  • 3f4a57e Merge pull request #1596 from snyk/fix/gradle-54-java11-dockerfile
  • 50d34c0 fix: gradle 5.4 Java 11 Dockerfile npm install
  • fb23890 Merge pull request #1594 from snyk/chore/update-help-project-name-prefix
  • c7f31da Merge pull request #1578 from snyk/chore/cli-alert-improvement
  • 2593496 feat: add help for new --project-name-prefix flag
  • 229e12f fix: add filter, use GH name convention
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic