search

OpenTMI / opentmi

OpenTMI (Test Management Infrastructure) Core
MIT License
21 stars 6 forks source link

[Snyk] Upgrade passport from 0.5.2 to 0.7.0 #755

Open jupe opened 6 months ago

jupe commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade passport from 0.5.2 to 0.7.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **3 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2023-11-27. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-2961688](https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-2961688](https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Poisoning
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Denial of Service (DoS)
[SNYK-JS-DICER-2311764](https://snyk.io/vuln/SNYK-JS-DICER-2311764) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Mature | Denial of Service (DoS)
[SNYK-JS-ENGINEIO-3136336](https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Uncaught Exception
[SNYK-JS-ENGINEIO-5496331](https://snyk.io/vuln/SNYK-JS-ENGINEIO-5496331) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MOMENT-2944238](https://snyk.io/vuln/SNYK-JS-MOMENT-2944238) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Denial of Service (DoS)
[SNYK-JS-SOCKETIOPARSER-5596892](https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-5596892) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Information Exposure
[SNYK-JS-MONGODB-5871303](https://snyk.io/vuln/SNYK-JS-MONGODB-5871303) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Session Fixation
[SNYK-JS-PASSPORT-2840631](https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Missing Release of Resource after Effective Lifetime
[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Command Injection
[SNYK-JS-SNYK-3037342](https://snyk.io/vuln/SNYK-JS-SNYK-3037342) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Command Injection
[SNYK-JS-SNYK-3038622](https://snyk.io/vuln/SNYK-JS-SNYK-3038622) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Code Injection
[SNYK-JS-SNYK-3111871](https://snyk.io/vuln/SNYK-JS-SNYK-3111871) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Improper Input Validation
[SNYK-JS-SOCKETIOPARSER-3091012](https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: passport
  • 0.7.0 - 2023-11-27

    0.7.0

      </li>
  <li>
    <b>0.6.0</b> - <a href="https://snyk.io/redirect/github/jaredhanson/passport/releases/tag/v0.6.0">2022-05-20</a></br><p>0.6.0</p>
  </li>
  <li>
    <b>0.5.3</b> - <a href="https://snyk.io/redirect/github/jaredhanson/passport/releases/tag/v0.5.3">2022-05-16</a></br><p>0.5.3</p>
  </li>
  <li>
    <b>0.5.2</b> - <a href="https://snyk.io/redirect/github/jaredhanson/passport/releases/tag/v0.5.2">2021-12-16</a></br><p>0.5.2</p>
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/jaredhanson/passport/releases">passport GitHub release notes</a>

Commit messages
Package name: passport
  • 33b92f9 0.7.0
  • 8dd8ec5 Update changelog.
  • 2815dc9 Merge pull request #1012 from jaredhanson/authinfo-assignprop
  • 0f2f81c Fix test to allow setting of authInfo with assignProperty.
  • b4e4cff Fix test to allow setting of authInfo from authorize call.
  • da379a0 Merge branch 'master' into authinfo-assignprop
  • cfdbd4a Update sponsors.
  • 6cc8a7c Update sponsors.
  • b6ab747 Update sponsors.
  • c521bc8 Add FusionAuth as sponsor.
  • 341a111 Update README.
  • 7131d9a Fix image.
  • 1dfa3ae Add Descope as sponsor.
  • 7211940 Revise Authenticator#authenticate docs.
  • a479713 Revise Authenticator#authorize docs.
  • 4f0df36 Revise Authenticator#authorize docs.
  • 026efe4 Revise Authenticator#authenticate docs.
  • e2f2867 Revise Authenticator#authenticate docs.
  • b9399f5 Revise Authenticator#authenticate docs.
  • 3bab015 Revise Authenticator#initialize docs.
  • 3155893 Revise Authenticator#framework docs.
  • 5e51b3a Revise Authenticator documentation.
  • 805333f Revise documentation of Authenticator#use.
  • 797644b Revise Authenticator documentation.
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs