Closed snyk-bot closed 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-AXIOS-1579269
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-FOLLOWREDIRECTS-2332181
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: tedious
The new version differs by 75 commits.- 98f8f48 Merge pull request #1390 from tediousjs/mark-rename-domain-to-tenantid
- d473d0b Merge pull request #1384 from tediousjs/dependabot/npm_and_yarn/trim-off-newlines-1.0.3
- a69f050 chore(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
- 8f7dcc9 Merge pull request #1394 from tediousjs/dependabot/npm_and_yarn/node-fetch-2.6.7
- 510ead7 chore(deps): bump node-fetch from 2.6.1 to 2.6.7
- ed1d9c7 Merge pull request #1393 from clshortfuse/fix/azure-identity-v2
- bf58b5f chore(deps): bump @ azure/identity from 1.5.2 to 2.0.1
- 2150a9c feat: rename `domain` to `tenantId` when using azure ad password
- 70e77e1 Merge pull request #1355 from tediousjs/arthur/azure-ad-password-client-id
- 56a666f Merge pull request #1382 from tediousjs/dependabot/npm_and_yarn/follow-redirects-1.14.7
- 95e98a1 feat: allow specifying the `clientId` when using `azure-active-directory-password` auth
- 6de53dd Merge pull request #1383 from tediousjs/mshan0-examples-update
- 8304b99 docs: update examples to deprecate old functionality
- 6d10e41 chore(deps): bump follow-redirects from 1.14.0 to 1.14.7
- 212c68e Merge pull request #1381 from mShan0/mshan0-issue1361
- ea7f990 feat: deprecate default value for trustServerCertificate
- b2d0fa2 Merge pull request #1357 from tediousjs/arthur/remove-deprecations
- d486a31 feat: `char`/`nchar`/`varchar`/`nvarchar`/`text`/`ntext`/`uniqueidentifier` values no longer support automatic type coercion
- 3e489b4 refactor: convert `ConnectionError` and `RequestError` to proper classes
- ca8afd3 feat: remove `addRow` and `getRowStream` from `BulkLoad`
- f76518b feat: remove `sspichallenge` event on `Connection`
- 87bc413 Merge pull request #1353 from tediousjs/arthur/deprecations
- 6ff0e1e feat: deprecate automatic type coercion from objects to strings
- 888cde1 feat: deprecate calling `ConnectionError` or `RequestError` constructors without `new` keyword
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic