jsdevtools / graphql-jsdevtools


[Snyk] Fix for 5 vulnerabilities #47

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| high severity | SQL Injection SNYK-JS-KNEX-471962 | No | No Known Exploit |
| medium severity | Prototype Pollution SNYK-JS-MINIMIST-559764 | No | Proof of Concept |
| high severity | SQL Injection SNYK-JS-SEQUELIZE-450221 | No | Proof of Concept |
| high severity | SQL Injection SNYK-JS-SEQUELIZE-459751 | No | Proof of Concept |
| medium severity | Denial of Service (DoS) SNYK-JS-SEQUELIZE-543029 | No | No Known Exploit |

Commit messages
Package name: knex The new version differs by 195 commits.
  • 48d8c7e Prepare 0.19.5 release
  • e112a21 Remove unneeded logging
  • 78a7e9a fix CLI tests fails caused by PR #3416 (#3466)
  • 988fb24 Fix MSSQL escaping (#3382)
  • 516b074 Enable linting in CI (#3450)
  • c1d2027 Fix handling of multiline SQL in SQLite3 schema (#3411)
  • 53d8649 Update test to accommodate for increased precision in PG 12 (#3465)
  • 7fabae9 Migrations up/down commands: filename parameter (#3416)
  • fb095cb Add missing Migrator.list typing (#3460)
  • b744564 Fix Typescript type inference for to better support wildcard (*) calls #3444 (#3446)
  • 68e1ae2 Support stored procedures in Oracle
  • 5417cac Fix for concurrent child transactions failing (#2213) (#3440)
  • eb8f0c0 Make options argument optional in timeout (#3442)
  • 65969d6 Prepare 0.19.4 release
  • 3464e4c Update dependencies (#3431)
  • 019141c Add specific to SeederConfig type (#3429)
  • 6c73b22 Fix some issues with QueryBuilder types (#3427)
  • 4ade989 feat: add undefined columns to undefined binding(s) error (#3425)
  • 75ac92f Update 0.19.3 changelog
  • 8f40f8d migrate: Refactor _lockMigrations to avoid forUpdate (#3395)
  • 3f86d75 TypeScript definition: include schemaName in EnumOptions (#3415)
  • e5972b8 Prepare 0.19.3 release (#3414)
  • d6426d7 Add ability to manually define schema for enu with useNative (#3307) (#3413)
  • 1ef1a4e Fix native enum with specified schema (#3307) (#3400)
See the full diff
Package name: sequelize The new version differs by 21 commits.
  • 8931bf6 fix(sqlite): properly catch errors (#11877)
  • efd2f40 fix(mysql): json path security issues (#11332)
  • 6674a3c fix: use files and remove .npmignore
  • a1ccf04 fix(pool): destroy pooled errors properly with replication (#11140)
  • a32263f fix(redshift): allow standard_conforming_strings option (#10816)
  • c9d3a97 feat(postgres): enable standard conforming strings when required (#10746)
  • 73d7a65 fix(mssql): subquery handling for order (#10769)
  • 98cb17c build: skip docs and set correct tag
  • 7d22d18 build: semantic release setup & docs
  • 2f92e21 fix(mysql): boolean TINYINT support (#10660)
  • de39cff feat(datatypes): handle numbers passed as objects for bigint (#10496)
  • 00e4984 fix: locking generic-pool to 3.5.0
  • 136566d Revert "fix: update generic-pool dependency"
  • 70fc462 fix: update generic-pool dependency
  • 52daac1 chore(package): update generic-pool to 3.5.0 (#10359)
  • 09eea2f docs(querying): model mapping for custom fields (#9688) (#10338)
  • d2428dd feat(transaction): afterCommit hook (#10260)
  • 34e9fe1 fix(query-generator): add offset to unioned queries (#10149)
  • 7d59b78 build: lock mysql2
  • 9ecc11e docs: add favicon (#10127)
  • 4ff79dc fix(syntax): correct parentheses around union (#9813) (#10003) (#10121)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
