search

Zooz / predator

A powerful open-source platform for load testing APIs.
https://zooz.github.io/predator/
Apache License 2.0
569 stars 108 forks source link

[Snyk] Security upgrade sqlite3 from 5.0.3 to 5.1.5 #629

Closed ido-krupkin-zooz closed 1 week ago

ido-krupkin-zooz commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **691/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 8.1 | Arbitrary Code Execution
[SNYK-JS-SQLITE3-3358947](https://snyk.io/vuln/SNYK-JS-SQLITE3-3358947) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: sqlite3 The new version differs by 85 commits.
  • 6a806f8 v5.1.5
  • edb1934 Fixed code execution vulnerability due to Object coercion
  • 3a48888 Updated bundled SQLite to v3.41.1
  • c1440bd Fixed rpath linker option when using a custom sqlite (#1654)
  • 93affa4 Update microsoft/setup-msbuild action to v1.3
  • 6f6318e v5.1.4
  • aeafe25 Revert "Renamed `master` references to `main`"
  • 57ce2d4 Fixed glib compatibility by downgrading to Ubuntu 20
  • af8e567 Renamed `master` references to `main`
  • 8fd18a3 Extracted function checking code into macro
  • 5c94f75 v5.1.3
  • aec0d31 Updated bundled SQLite to v3.40.0
  • 1980f10 v5.1.2
  • 7aa29fe Updated bundled SQLite to v3.39.4
  • c4fca9f v5.1.1
  • ea71343 Added Darwin ARM64 to prebuilt binaries list in README
  • ec154ab Added Darwin ARM64 prebuilt binaries
  • 9290d8c v5.1.0
  • 9e9079d Updated types file
  • 946a3f6 Added ability to receive updates from `sqlite3_update_hook`
  • 97cc584 Added yarn.lock to gitignore
  • 572f05e Fixed importing `sqlite3#verbose` using destructuring syntax (#1632)
  • c366ef9 Fixed remaining method declarations (#1633)
  • f0090b8 Added `.configure('limit', ...` to library type file
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/zooz/project/6159deca-4bd4-4b89-97ac-ba9ace7b3dbb?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/zooz/project/6159deca-4bd4-4b89-97ac-ba9ace7b3dbb?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"0e4cd23f-5726-4291-ba51-ec61ed48af19","prPublicId":"0e4cd23f-5726-4291-ba51-ec61ed48af19","dependencies":[{"name":"sqlite3","from":"5.0.3","to":"5.1.5"}],"packageManager":"npm","projectPublicId":"6159deca-4bd4-4b89-97ac-ba9ace7b3dbb","projectUrl":"https://app.snyk.io/org/zooz/project/6159deca-4bd4-4b89-97ac-ba9ace7b3dbb?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SQLITE3-3358947"],"upgrade":["SNYK-JS-SQLITE3-3358947"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[691],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Arbitrary Code Execution](https://learn.snyk.io/lessons/malicious-code-injection/javascript/?loc=fix-pr)