Snyk has created this PR to upgrade connect-mongo from 4.4.1 to 4.5.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 22 days ago, on 2021-08-17.
Snyk has created this PR to upgrade connect-mongo from 4.4.1 to 4.5.0.
The recommended version fixes:
SNYK-JS-AXIOS-1579269
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
SNYK-JS-MPATH-1577289
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: connect-mongo
-
4.5.0 - 2021-08-17
-
4.4.1 - 2021-03-23
from connect-mongo GitHub release noteschore: bump version to 4.5.0 for release
chore: bump version to 4.4.1
Commit messages
Package name: connect-mongo
- 3e27376 chore: bump version to 4.5.0 for release
- fa8826d Merge pull request #430 from jdesboeufs/feat/upgrade-mongodb-depns
- 472c003 test: ignore test file on code coverage
- 83480c2 chore: drop node 10 support due to mongodb upgrade
- 8bdc9e0 docs: update CHANGELOG
- 788f603 fix: createIndex should have correct async dependency setup
- ccd716a fix: upgrade mongodb driver to v4
- cceec18 fix: move writeConcern option away from top-level to remove deprecation warning #422 (#424)
- 03962f4 docs: Update MIGRATION_V4.md (#421)
- 9c1d0b5 docs: add known issue
- 5b1b965 docs: update MIGRATION_V4.md (#417)
- 94b65f6 docs: add known issue on autoRemove native causing error on close
- bbff285 docs: migration guide argument correction (#414)
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs