Stwissel / node-red-contrib-salesforce

A set of Node-RED nodes to interact with Salesforce and Force.com
MIT License
10 stars 17 forks source link

[Snyk] Fix for 2 vulnerabilities #56

Closed snyk-bot closed 2 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Improper Access Control
SNYK-JS-FAYE-567757
No Proof of Concept
Commit messages
Package name: nforce8 The new version differs by 13 commits.
  • 9efa46a dependencies update
  • e0a3b43 Merge pull request #32 from Stwissel/greenkeeper/faye-1.2.5
  • 1510173 Merge pull request #30 from Stwissel/greenkeeper/cookie-parser-1.4.5
  • e74d148 Merge pull request #29 from Stwissel/greenkeeper/mocha-7.0.1
  • 2688d16 Merge pull request #33 from Stwissel/greenkeeper/mime-2.4.5
  • 4ec30ad chore(package): update lockfile package-lock.json
  • 9e10e00 fix(package): update mime to version 2.4.5
  • f0debe4 chore(package): update lockfile package-lock.json
  • dbaedf3 fix(package): update faye to version 1.2.5
  • 2e617f2 chore(package): update lockfile package-lock.json
  • 1431895 chore(package): update cookie-parser to version 1.4.5
  • 977ed95 chore(package): update lockfile package-lock.json
  • a3f99c0 chore(package): update mocha to version 7.0.1
See the full diff
With a Snyk patch:
Severity Issue Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-LODASH-567746
Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic