TreeGateway / tree-gateway

This is a full featured and free API Gateway
http://treegateway.com
MIT License

[Snyk] Fix for 1 vulnerabilities #199

Open thiagobustamante opened 1 year ago

thiagobustamante commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **461/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-DEBUG-3227433](https://snyk.io/vuln/SNYK-JS-DEBUG-3227433) | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ioredis
The new version differs by 68 commits.
  • 206b0ed docs(CHANGELOG): 4.0.0
  • e6bf95b 4.0.0
  • eb79e2d docs(README): mention duplicate keys in scan stream example (#681)
  • ca58249 feat: export Pipeline for inheritances enabling (#675)
  • d40a99e fix: port is ignored when path set to null
  • 5eb4198 feat: export ScanStream at package level (#667)
  • a57c2a8 docs: v4.0.0-3
  • 3746a2c 4.0.0-3
  • 6144c56 fix: resolve warning for Buffer() in Node.js 10
  • a28983d chore: package settings
  • e76c44f Merge branch 'fix-sentinel-warning'
  • 032e08b refactor: fix denque not working with es module
  • 3c7519c refactor: move connection_pool to TypeScript
  • 1397247 refactor: move more files to TypeScript
  • 4369295 test: fix tests for connectors
  • 072134f docs: remove io.js from description in readme and package.json (#663)
  • 0f42e45 fix filename on Linux
  • 92a6c67 fix several issues
  • 7bf6fea fix(Sentinel): unreachable errors when sentinals are healthy
  • 27b408e refactor: rewrite connectors with TypeScript
  • 24dabbe refactor: move from JavaScript to TypeScript (#659)
  • 92696d5 docs(API): add docs for maxRetriesPerRequest option
  • 33a49ee docs(Changelog): v4.0.0-2
  • a41f76a 4.0.0-2
Package name: micromatch
The new version differs by 29 commits.
  • 89efcff 4.0.0
  • f3238cb Merge pull request #151 from micromatch/dev
  • 7c78f9a ensure args are strings
  • 2e42796 bump picomatch
  • 09f8260 windows, it's time we had a talk...
  • a49f94c fix slashes in tests
  • a6ab670 use braces patch, build readme
  • 976d956 upgrade braces and picomatch
  • a6596da add benchmarks
  • 11168b1 rename unixify to windows
  • 5bf40fe package.json: Use github versions of deps to test the env.
  • 5d78d48 Drop node v6 since picomatch doesnt support it.
  • 96ac3ba Remove duplicate node. Remove unsupported node v7.
  • bf44408 Merge branch 'master' into dev
  • b8abcf9 Merge remote-tracking branch 'origin/dev'
  • e07df11 rebuild docs
  • 47340ad Merge remote-tracking branch 'origin/master' into dev
  • 52df06d refactor
  • 09bd55c Merge pull request #149 from Glazy/hotfix/issue-template-update
  • c32543d Add myself to package.json contributors list
  • 86858bf Update issue template w/ typo and question change
  • f2ce9d2 Merge pull request #130 from wtgtybhertgeghgtwtg/unescape
  • 677f127 Merge pull request #134 from Tvrqvoise/v3-changelog
  • 4a70a66 Merge pull request #141 from simlu/patch-1
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/thiagobustamante/project/e3c97800-99d3-48c9-ac62-e736db808b2a?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/thiagobustamante/project/e3c97800-99d3-48c9-ac62-e736db808b2a?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: # (snyk:metadata:{"prId":"89a86fe5-341a-47e4-a7f6-fa22f6e32360","prPublicId":"89a86fe5-341a-47e4-a7f6-fa22f6e32360","dependencies":[{"name":"ioredis","from":"3.2.2","to":"4.0.0"},{"name":"micromatch","from":"3.1.10","to":"4.0.0"}],"packageManager":"npm","projectPublicId":"e3c97800-99d3-48c9-ac62-e736db808b2a","projectUrl":"https://app.snyk.io/org/thiagobustamante/project/e3c97800-99d3-48c9-ac62-e736db808b2a?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-DEBUG-3227433"],"upgrade":["SNYK-JS-DEBUG-3227433"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[461]})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)