Open snyk-bot opened 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Regular Expression Denial of Service (ReDoS) π¦ Regular Expression Denial of Service (ReDoS) π¦ Regular Expression Denial of Service (ReDoS) π¦ More lessons are available in Snyk Learn
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 8.1
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ASYNC-2441827
Why? Has a fix available, CVSS 8.1
SNYK-JS-BSON-561052
Why? Proof of Concept exploit, Has a fix available, CVSS 4.1
SNYK-JS-EJS-1049328
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JS-EJS-2803307
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
SNYK-JS-EXPRESSVALIDATOR-174763
Why? Has a fix available, CVSS 7.4
SNYK-JS-HAWK-2808852
Why? Has a fix available, CVSS 7.5
SNYK-JS-MONGODB-473855
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-MONGOOSE-1086688
Why? Proof of Concept exploit, Has a fix available, CVSS 7
SNYK-JS-MONGOOSE-2961688
Why? Has a fix available, CVSS 5.9
SNYK-JS-MONGOOSE-472486
Why? Proof of Concept exploit, Has a fix available, CVSS 6.8
SNYK-JS-MORGAN-72579
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-MPATH-1577289
Why? Has a fix available, CVSS 7.3
SNYK-JS-MPATH-72672
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-MQUERY-1050858
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-MQUERY-1089718
Why? Proof of Concept exploit, Has a fix available, CVSS 8.6
SNYK-JS-NODEMAILER-1038834
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
SNYK-JS-NODEMAILER-1296415
Why? Has a fix available, CVSS 4.8
SNYK-JS-PASSPORT-2840631
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-VALIDATOR-1090599
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-VALIDATOR-1090600
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-VALIDATOR-1090601
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-VALIDATOR-1090602
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express-validator
The new version differs by 97 commits.- cd4136e 6.5.0
- 612e2d9 Don't modify requests if oneOf chain didn't succeed (#877)
- 7595c94 chain: comment out isDate for now
- 8b604af chain: add missing methods to Validators interface
- ab6ffe4 npm: upgrade validator to 13.0.0 (#874)
- 29374cb 6.4.1
- 70af46e npm: audit fix dependencies
- efbfe3a Only consider . to be special char for now
- 42819ae npm: update dependencies
- 7736384 Remove console.log
- 3814c0a Fix use of special chars in selectors
- 0c450a9 docs: fix... typo? (#842)
- 246f2ea docs: improve wording in matchedData page (#846)
- 6123155 docs: improve wording in whole-body validation (#845)
- 3124129 docs: fix typo in schema validation and improve wording (#844)
- d85b368 docs: fix verb tense in the custom validator page (#841)
- 19531ec docs: fix verb tense in the validationResult page (#847)
- f868e23 docs: small fixes in the wildcard feature (#843)
- 31d73c2 npm: add build script
- 008a0ae docs: migrate usages of sanitize to check
- 4bbe421 6.4.0
- acb2ad7 npm: run docs:build before git add on versioning
- 5e293cf Compile TS to ES2017 (#826)
- 0163461 npm: upgrade a few packages (#825)
See the full diffPackage name: mongoose
The new version differs by 250 commits.- ca7996b chore: release 5.13.15
- e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
- a1144dc test: run node 7 tests with upgraded npm re: #12297
- dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
- b9e985c test: more strict @ types/node version
- 4d813fa test: fix @ types/node version in tests re: #12297
- 99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
- 5eb11dd made function non async
- 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
- a2ec28d Merge pull request #11366 from laissonsilveira/5.x
- 05ce577 Fix broken link from findandmodify method deprecation
- d2b846f chore: release 5.13.14
- 69c1f6c docs(models): fix up nModified example for 5.x
- 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
- a738440 chore: release 5.13.13
- 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
- c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
- ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
- d205c4d make value optional
- c6fd7f7 Fix ts types for query set
- 22e9b3b [gh-10902 v5] Add node major version to utils
- 5468642 [gh-10902 v5] Emit end event in before close
- 271bc60 Merge pull request #10910 from lorand-horvath/patch-2
- b7ebeec Update mongodb driver to 3.7.3
See the full diffPackage name: morgan
The new version differs by 27 commits.- 572dd93 1.9.1
- e02de38 lint: apply standard 12 style
- e329663 Fix using special characters in format
- eb1968a tests: use strict equality checks
- 310b206 build: use yaml eslint configuration
- 5810937 build: Node.js@9.11
- f60afd5 build: Node.js@8.11
- 5295b0c build: eslint-plugin-standard@3.1.0
- 178daaf build: eslint-plugin-promise@3.8.0
- 7b08641 build: eslint-plugin-import@2.12.0
- 73cb666 build: eslint@4.19.1
- edc95aa build: Node.js@6.14
- ace86c3 build: Node.js@4.9
- 4dd1180 lint: apply standard 11 style
- 60c31e8 build: Node.js@9.8
- 05e382f build: Node.js@8.10
- 1a5be20 build: Node.js@6.13
- cf9565f docs: remove gratipay badge
- b66251d build: eslint-plugin-node@5.2.0
- 0113732 build: eslint-plugin-import@2.8.0
- 47659a9 deps: depd@~1.1.2
- 695f659 build: support Node.js 9.x
- f4c51e9 build: Node.js@8.9
- 4f15f36 build: Node.js@6.12
See the full diffPackage name: nodemailer
The new version differs by 99 commits.- 7e02648 v6.6.1
- 1750c0f v6.6.0
- 0636d58 Merge branch 'master' of github.com:nodemailer/nodemailer
- 058d414 v6.6.0
- fcb0d1f test: π aws ses SDK v3 support
- 2ef39e3 test: π aws ses connection verification
- 6107585 fix: π ses verify, add support for v3 API
- bf57cf5 Fixes resolveContent with streams overriding data
- 91108d7 v6.5.0
- 87d9b25 Pass through textEncoding to subnodes.
- 271f91b Update index.js
- 9b5fb94 v6.4.18
- 625a9ed Update README.md
- 1d24d8b docs: added rudimentary sponsor quote block
- a455716 Added OhMySMTP to services
- 6e045d1 v6.4.17
- ba31c64 v6.4.16
- 7e7b2b2 v6.4.15
- fca2041 Update CHANGELOG.md
- b4ccfa3 Oups
- 24b93bf Add ethereal.email to well-known/services.json
- 0f132fa doc: make the code a little more accessible with some code comments.
- 1815bad v6.4.14
- dd26ddd v6.4.13
See the full diffPackage name: passport
The new version differs by 126 commits.- c33067b 0.6.0
- 3052bb4 Update changelog.
- 42630cb Merge pull request #900 from jaredhanson/fix-fixation
- 8dd79fe Use utils-merge rather than Object.assign for compatibility.
- 4f6bd5b Change keepSessionData to keepSessionData.
- 46756e5 Silence verbose logging.
- 987b191 Add tests.
- f8a175f Add tests.
- 29a90d6 No need to guard callback existence.
- bfba8a1 Add tests.
- 17111d7 Add option to keep session data on logout.
- a349c2b Add option to keep session data.
- e69834e Add optional options to login and logout.
- 8825a9a Add tests.
- c1991cf Add tests.
- 294f22c Better session detection and exceptions.
- 80cc4e3 Add tests.
- 3001654 Add tests.
- b395106 Clean up tests.
- cfa8259 Add tests.
- ee0bf81 Add tests.
- cc7606c Add tests.
- 71c54f6 Add test.
- 88c1f1b Handle logout without session manager.
See the full diffPackage name: request
The new version differs by 31 commits.- 6420240 2.88.0
- bd22e21 fix: massive dependency upgrade, fixes all production vulnerabilities
- 925849a Merge pull request #2996 from kwonoj/fix-uuid
- 7b68551 fix(uuid): import versioned uuid
- 5797963 Merge pull request #2994 from dlecocq/oauth-sign-0.9.0
- 628ff5e Update to oauth-sign 0.9.0
- 10987ef Merge pull request #2993 from simov/fix-header-tests
- cd848af These are not going to fail if there is a server listening on those ports
- a92e138 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904)
- 45ffc4b Improve AWS SigV4 support. (#2791)
- a121270 Merge pull request #2977 from simov/update-cert
- bd16414 Update test certificates
- 536f0e7 2.87.1
- 02fc5b1 Update changelog
- de1ed5a 2.87.0
- a6741d4 Replace hawk dependency with a local implemenation (#2943)
- a7f0a36 2.86.1
- 8f2fd4d Update changelog
- 386c7d8 2.86.0
- 76a6e5b Merge pull request #2885 from ChALkeR/patch-1
- db76838 Merge branch 'patch-1' of github.com:ChALkeR/request
- fb7aeb3 Merge pull request #2942 from simov/fix-tests
- e47ce95 Add Node v10 build target explicitly
- 0c5db42 Skip status code 105 on Node > v10
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Regular Expression Denial of Service (ReDoS) π¦ Regular Expression Denial of Service (ReDoS) π¦ Regular Expression Denial of Service (ReDoS) π¦ More lessons are available in Snyk Learn