search

flaviuse / mern-authentication

MERN stack authentication boilerplate: password reset, email verification, server sessions, redux, typescript, hooks and docker for dev and prod.
https://mern-auth-client.herokuapp.com/login
MIT License
439 stars 95 forks source link

[Snyk] Upgrade connected-react-router from 6.8.0 to 6.9.1 #68

Closed flaviuse closed 3 years ago

flaviuse commented 3 years ago

Snyk has created this PR to upgrade connected-react-router from 6.8.0 to 6.9.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-IMMER-1019369		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Command Injection
SNYK-JS-REACTDEVUTILS-1083268		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Command Injection
SNYK-JS-NODENOTIFIER-1035794		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: connected-react-router from connected-react-router GitHub release notes
Commit messages
Package name: connected-react-router
  • c09873d Bump version to 6.9.1
  • 66dce67 Bundle lodash.isequalwith
  • d685516 Bump version to 6.9.0
  • 7303a04 Create codeql-analysis.yml
  • 008b575 Update react peer dependency to include v17 (#460)
  • 3998a43 Bump ini from 1.3.5 to 1.3.7 in /examples/immutable (#471)
  • cad4971 Bump ini from 1.3.5 to 1.3.7 in /examples/basic (#470)
  • 001347b Bump ini from 1.3.5 to 1.3.7 in /examples/typescript (#469)
  • 0553b40 Bump ini from 1.3.5 to 1.3.7 (#468)
  • 97e0d50 Add noTimeTravelDebugging prop (#455)
  • a105380 Move immutables to optional dependencies (#454)
  • 68344d1 Bump lodash from 4.17.15 to 4.17.20 in /examples/basic (#451)
  • 50b605f Bump lodash from 4.17.15 to 4.17.20 in /examples/immutable (#452)
  • a034845 Bump lodash from 4.17.15 to 4.17.20 in /examples/typescript (#453)
  • 53c7bf3 Bump elliptic from 6.5.1 to 6.5.3 in /examples/typescript (#441)
  • cb905f4 Bump websocket-extensions from 0.1.3 to 0.1.4 in /examples/typescript (#426)
  • 2f1c0ad Bump lodash from 4.17.15 to 4.17.19 (#433)
  • ed71631 Bump lodash from 4.17.15 to 4.17.19 in /examples/react-native (#437)
  • fc9c171 Bump elliptic from 6.5.2 to 6.5.3 (#439)
  • c5c0036 Bump elliptic from 6.5.1 to 6.5.3 in /examples/basic (#440)
  • 28b9b45 Bump elliptic from 6.5.1 to 6.5.3 in /examples/immutable (#442)
  • 574fda3 Bump http-proxy from 1.18.0 to 1.18.1 in /examples/typescript (#448)
  • f35cb37 Bump yargs-parser from 13.1.1 to 13.1.2 in /examples/immutable (#449)
  • 79b92b1 Bump yargs-parser from 13.1.1 to 13.1.2 in /examples/basic (#450)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs