search

attesch / cezerin

Cezerin is React and Node.js based eCommerce platform.
https://cezerin.com
MIT License
1 stars 0 forks source link

[Snyk] Fix for 2 vulnerabilities #307

Open attesch opened 3 months ago

attesch commented 3 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **591/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 6.1 | Open Redirect
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **718/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Uncontrolled Resource Consumption ('Resource Exhaustion')
[SNYK-JS-TAR-6476909](https://snyk.io/vuln/SNYK-JS-TAR-6476909) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express The new version differs by 250 commits.
  • b28db2c 4.19.2
  • 0b74695 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • 4ee853e docs: loosen TC activity rules
  • 414854b docs: nominating @ wesleytodd to be project captian
  • 06c6b88 docs: update release date
  • 1b51eda 4.18.3
  • b625132 build: pin Node 21.x to minor
  • e3eca80 build: pin Node 21.x to minor
  • 23b44b3 build: support Node.js 21.6.2
  • b9fea12 build: support Node.js 21.x in appveyor
  • c259c34 build: support Node.js 21.x
  • fdeb1d3 build: support Node.js 20.x in appveyor
  • 734b281 build: support Node.js 20.x
  • 0e3ab6e examples: improve view count in cookie-sessions
  • 59af63a build: Node.js@18.19
  • e720c5a docs: add documentation for benchmarks
See the full diff
Package name: node-sass The new version differs by 109 commits.
  • 7105b0a 5.0.0 (#3015)
  • 0648b5a chore: Add Node 15 support (#2983)
  • e2391c2 Add a deprecation message to the readme (#3011)
  • 6a33e53 chore: Don't upload artifacts on PRs
  • d763506 chore: Only run coverage on main repo
  • d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
  • 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
  • f877689 chore: Don't double build DependaBot PRs
  • b48fac4 chore: Add weekly DependaBot updates
  • 91c40a0 Remove deprecated process.sass API
  • 1f6df86 Replace lodash/assign in favor of the native Object.assign
  • 522828a Remove workarounds for old Node.js versions
  • 40e0f00 chore: Remove second NPM badge
  • ab91bf6 chore: Remove Slack badge
  • 6853a80 chore: Cleanup status badges
  • fb1109c chore: Bump minimum engine version to v10
  • d185440 chore: Add basic Node version support policy
  • db25736 chore: Bump node-gyp to 7.1.0
  • 2c5b110 chore: Bump cross-spawn to v7.0.3
  • 38b9633 chore: Update Istanbul to NYC
  • d63b5bf chore: Bump mocha to v8.1.3
  • d0d8865 chore: Skip constructor tests on v14.6+
  • ee3984d chore: Hoist test ESLint config
  • feee448 chore: Remove disabled and recommended rules
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"fd80d956-984f-436f-8f49-a4ae1a63d9bc","prPublicId":"fd80d956-984f-436f-8f49-a4ae1a63d9bc","dependencies":[{"name":"express","from":"4.16.3","to":"4.19.2"},{"name":"node-sass","from":"4.9.3","to":"5.0.0"}],"packageManager":"npm","projectPublicId":"54f4ee92-998c-4470-8c24-77a260feb55b","projectUrl":"https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-EXPRESS-6474509","SNYK-JS-TAR-6476909"],"upgrade":["SNYK-JS-EXPRESS-6474509","SNYK-JS-TAR-6476909"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[591,718],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr) 🦉 [Uncontrolled Resource Consumption ('Resource Exhaustion')](https://learn.snyk.io/lesson/redos/?loc=fix-pr)