search

RelatedTitle / user-account-system

This user account system allows for the registration of users using their email and password + OAuth providers. It has full email verification and password reset functionality. It uses PostgreSQL, Express, Passport, and JWT as user tokens.
MIT License
2 stars 0 forks source link

Bump http-cache-semantics from 4.1.0 to 4.1.1 #34

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps http-cache-semantics from 4.1.0 to 4.1.1.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RelatedTitle/user-account-system/network/alerts).
guardrails[bot] commented 1 year ago

:warning: We detected 26 security issues in this pull request:

Vulnerable Libraries (26)
Severity | Details ----- | -------- High | [pkg:npm/sequelize@6.15.0@6.15.0](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/jsonwebtoken@8.5.1@8.5.1](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** High | [pkg:npm/json5@2.2.0@2.2.0](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *2.2.2* High | [pkg:npm/ansi-regex@3.0.0@3.0.0](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *6.0.1,5.0.1,4.1.1,3.0.1* High | [pkg:npm/busboy@0.2.14@0.2.14](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** N/A | [pkg:npm/debug@2.6.9@2.6.9](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *3.1.0* Medium | [pkg:npm/@actions/core@1.4.0@1.4.0](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *1.9.1* Low | [pkg:npm/node-fetch@2.6.7@2.6.7](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** High | [pkg:npm/minimatch@3.0.4@3.0.4](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *3.0.5* Medium | [pkg:npm/nanoid@3.1.23@3.1.23](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *3.1.31* N/A | [pkg:npm/formidable@1.2.6@1.2.6](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/got@9.6.0@9.6.0](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/passport@0.4.1@0.4.1](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *0.6.0* High | [pkg:npm/mocha@9.2.0@9.2.0](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/nodemon@2.0.15@2.0.15](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/express@4.17.2@4.17.2](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/cookiejar@2.1.3@2.1.3](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *2.1.4* High | [pkg:npm/flat@5.0.2@5.0.2](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Critical | [pkg:npm/qs@6.9.6@6.9.6](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** High | [pkg:npm/dicer@0.2.5@0.2.5](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/request@2.88.2@2.88.2](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** High | [pkg:npm/mocha@9.0.0@9.0.0](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** High | [pkg:npm/moment@2.29.2@2.29.2](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) upgrade to: *2.29.4,2.29.4* Low | [pkg:npm/bcrypt@5.0.1@5.0.1](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** Medium | [pkg:npm/multer@1.4.4@1.4.4](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** High | [pkg:npm/moment-timezone@0.5.34@0.5.34](https://github.com/RelatedTitle/user-account-system/blob/ec942d7088e4ab688af0a4fe641b2447ef0b495d/package-lock.json) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.