Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 7.4
SNYK-JS-HAWK-2808852
Why? Recently disclosed, Has a fix available, CVSS 4.8
SNYK-JS-PASSPORT-2840631
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: passport
The new version differs by 126 commits.- c33067b 0.6.0
- 3052bb4 Update changelog.
- 42630cb Merge pull request #900 from jaredhanson/fix-fixation
- 8dd79fe Use utils-merge rather than Object.assign for compatibility.
- 4f6bd5b Change keepSessionData to keepSessionData.
- 46756e5 Silence verbose logging.
- 987b191 Add tests.
- f8a175f Add tests.
- 29a90d6 No need to guard callback existence.
- bfba8a1 Add tests.
- 17111d7 Add option to keep session data on logout.
- a349c2b Add option to keep session data.
- e69834e Add optional options to login and logout.
- 8825a9a Add tests.
- c1991cf Add tests.
- 294f22c Better session detection and exceptions.
- 80cc4e3 Add tests.
- 3001654 Add tests.
- b395106 Clean up tests.
- cfa8259 Add tests.
- ee0bf81 Add tests.
- cc7606c Add tests.
- 71c54f6 Add test.
- 88c1f1b Handle logout without session manager.
See the full diffPackage name: request
The new version differs by 18 commits.- 02fc5b1 Update changelog
- de1ed5a 2.87.0
- a6741d4 Replace hawk dependency with a local implemenation (#2943)
- a7f0a36 2.86.1
- 8f2fd4d Update changelog
- 386c7d8 2.86.0
- 76a6e5b Merge pull request #2885 from ChALkeR/patch-1
- db76838 Merge branch 'patch-1' of github.com:ChALkeR/request
- fb7aeb3 Merge pull request #2942 from simov/fix-tests
- e47ce95 Add Node v10 build target explicitly
- 0c5db42 Skip status code 105 on Node > v10
- d555bd7 Generate server certificates for Node > v10
- 81f8cb5 Remove redundant code
- db17497 Use Buffer.from and Buffer.alloc in tests
- 0d29635 Merge pull request #2923 from gareth-robinson/cifixes
- 3745cec Correction for Windows OS identification
- 219a298 Alterations for failing CI tests
- bbb3a0b 2.85.1
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.