flaviuse / mern-authentication

MERN stack authentication boilerplate: password reset, email verification, server sessions, redux, typescript, hooks and docker for dev and prod.
https://mern-auth-client.herokuapp.com/login
MIT License
439 stars 95 forks

[Snyk] Upgrade joi from 17.4.2 to 17.6.0 #117

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade joi from 17.4.2 to 17.6.0.

Merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|
| Directory Traversal (SNYK-JS-MOMENT-2440688) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| Prototype Pollution (SNYK-JS-ASYNC-2441827) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-RAMDA-1582370) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| Information Exposure (SNYK-JS-FOLLOWREDIRECTS-2332181) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| Information Exposure (SNYK-JS-FOLLOWREDIRECTS-2396346) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: joi from joi GitHub release notes
Commit messages
Package name: joi
  • 95feacc 17.6.0
  • e250c42 Support length(). Closes #2732
  • 7e5aebf Merge pull request #2723 from jeremykohn/api-typos
  • a10ea85 Fix typos in API.md
  • 2cde8a3 17.5.0
  • b4dbd59 Support wrapping of strings inside arrays. Closes #2706
  • 013af55 Support node 12
  • e83920a Allow empty string if min(0). Closes #2687
  • 4bfb9d4 Add test for #2666
  • f732265 Merge pull request #2666 from MathijsvVelde/master
  • e92e400 Merge pull request #2703 from pappaschris/improve_validate_typings
  • b623dc8 Merge pull request #2712 from nlf/master
  • 4d769b7 Merge pull request #2698 from jamietre/jamiet/strict-date
  • ad45112 Merge pull request #2665 from squidini/issue-2605-helpers-on-external-validation
  • 54e92f9 Merge pull request #2651 from sideway/fix/label-elimination-for-externals
  • 39739d4 Merge pull request #2649 from Fruch6807/master
  • a09d51d Clarify usage of Date parsing. Closes #2618
  • e585b54 Cleanup for #2589
  • e6c395b Merge pull request #2589 from nlundquist/origin-merge-alternatives-of-objects
  • f0b78ed Cleanup for #2577
  • 1455ff5 Merge pull request #2577 from nlundquist/improve-alternative-match-errors
  • 069fbc4 chore: replace travis with github actions
  • 228a7ed Support wildcard message code. Closes #2708
  • 753f0d3 17.4.3

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
