search

GTBitsOfGood / hope-sustains-life

A donation website for the nonprofit Hope Sustains Life.
hope-sustains-life.vercel.app
MIT License
4 stars 1 forks source link

[Snyk] Security upgrade mongodb from 3.6.3 to 3.6.10 #205

Open Arthelon opened 1 year ago

Arthelon commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **496/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 4.2 | Information Exposure
[SNYK-JS-MONGODB-5871303](https://snyk.io/vuln/SNYK-JS-MONGODB-5871303) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongodb The new version differs by 81 commits.
  • 1297cd1 chore(release): 3.6.10
  • e9196ab refactor(NODE-3324): bump max wire version to 13 (#2875)
  • 3ce148d fix(NODE-3397): report more helpful error with unsupported authMechanism in initial handshake (#2876)
  • 558182f test(NODE-3307): unified runner does not assert identical keys (#2867)
  • 621677a fix(NODE-3380): perform retryable write checks against server (#2861)
  • e4a9a57 fix(NODE-3150): added bsonRegExp option for v3.6 (#2843)
  • 750760c fix(NODE-3358): Command monitoring objects hold internal state references (#2858)
  • a917dfa fix(NODE-2035): Exceptions thrown from awaited cursor forEach do not propagate (#2852)
  • b98f206 refactor(NODE-3356): Update command monitoring logging (#2853)
  • 68b4665 test(NODE-2856): ensure defaultTransactionOptions get used from session (#2845)
  • 8c8b4c3 fix(NODE-3356): update redaction logic for command monitoring events (#2847)
  • 2c5d440 test(NODE-3357): extend timeout for atlas connectivity (#2846)
  • fd97808 test(NODE-3288): sync command-monitoring spec tests to 3.6 (#2838)
  • bf8b21b docs: change links to use https (#2836)
  • f42ac4c refactor(NODE-2752): deprecate strict option for Db.collection (#2819)
  • 394832a chore(release): 3.6.9
  • fac9610 fix(NODE-3309): remove redundant iteration of bulk write result (#2815)
  • 58c4e69 fix: fix url parsing for a mongodb+srv url that has commas in the database name (#2789)
  • 6c8cc84 chore(release): 3.6.8
  • 6e3bab3 fix(cmap): undo flipping of `beforeHandshake` flag for timeout errors (#2813)
  • 4fd03e8 chore(release): 3.6.7
  • 6ceace6 fix(NODE-3192): check clusterTime is defined before access (#2806)
  • 1967515 test(NODE-3187): port unified test runner (#2783)
  • 5d8f649 fix(NODE-3252): state transistion from DISCONNECTED (#2807)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/arthelon/project/98e35e81-7afa-4075-8dd6-e9da6a376bb0?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/arthelon/project/98e35e81-7afa-4075-8dd6-e9da6a376bb0?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"ffa3a2f8-9c9e-414f-a624-12ef5b057e1e","prPublicId":"ffa3a2f8-9c9e-414f-a624-12ef5b057e1e","dependencies":[{"name":"mongodb","from":"3.6.3","to":"3.6.10"}],"packageManager":"npm","projectPublicId":"98e35e81-7afa-4075-8dd6-e9da6a376bb0","projectUrl":"https://app.snyk.io/org/arthelon/project/98e35e81-7afa-4075-8dd6-e9da6a376bb0?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-MONGODB-5871303"],"upgrade":["SNYK-JS-MONGODB-5871303"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[496],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)
vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
hope-sustains-life ✅ Ready (Inspect) Visit Preview 💬 Add feedback Aug 30, 2023 2:33pm