jsdevtools / graphql-jsdevtools

0 stars 0 forks source link

[Snyk] Fix for 1 vulnerabilities #83

Open JEStaubach opened 7 months ago

JEStaubach commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json
⚠️ Warning ``` Failed to update the package-lock.json, please update manually before merging. ```
#### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **768/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-LODASH-6139239](https://snyk.io/vuln/SNYK-JS-LODASH-6139239) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: apollo The new version differs by 250 commits.
  • 58b9637 Release
  • 199523a Revert "Release"
  • 9f7d75b Release
  • 881abfa Revert "Release"
  • 2882a7e Disable Windows tests for now
  • c976d83 Release
  • c83d41b Update changelog
  • 3b5ccd9 chore(deps): update all non-major dependencies (#2597)
  • addde07 chore(deps): update dependency await-to-js to v3 (#2599)
  • 5fe5b0c chore(deps): update dependency glob to v8 (#2594)
  • 785f64c chore(deps): update dependency global-agent to v3 (#2601)
  • 5d62e97 chore(deps): update dependency @ oclif/plugin-autocomplete to v1.3.0 (#2608)
  • 0af6969 chore(deps): update dependency nock to v13 (#2602)
  • 763fc26 chore(deps): update dependency @ endemolshinegroup/cosmiconfig-typescript-loader to v3 (#2598)
  • a5042db chore(deps): update dependency apollo-datasource to v3 (#2542)
  • cfe529b chore(deps): update dependency prettier to v2 (#2603)
  • 8e423ac chore(deps): update dependency strip-ansi to v7 (#2604)
  • 5695833 chore(deps): update dependency ts-node to v10 (#2605)
  • d094b02 chore(deps): update dependency vscode-languageserver to v7 (#2607)
  • fb8d043 Remove unused tslib dependency
  • e60ffd7 chore(deps): update jest monorepo (#2596)
  • 7f2d081 Revert "chore(deps): update all non-major dependencies (#2586)"
  • e89d9a1 chore(deps): update all non-major dependencies (#2586)
  • 27a2069 chore(deps): update dependency moment to v2.29.2 [security] (#2593)
See the full diff
Package name: babel-eslint The new version differs by 6 commits.
  • 4bd049e 10.1.0
  • 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (#812)
  • 183d13e 10.0.3
  • 354953d fix: require eslint dependencies from eslint base (#794)
  • 48f6d78 10.0.2
  • 0241b48 removed unused file reference (#773)
See the full diff
Package name: sequelize The new version differs by 250 commits.
  • 901bceb 6.1.0
  • 6b32821 6.0.0-beta.7
  • 0ca8d72 docs: prepare for v6 release (#12416)
  • 663261b feat(sequelize): allow passing dialectOptions.options from url (#12404)
  • c6e4192 fix(postgres): parse enums correctly when describing a table (#12409)
  • e33d2bd fix(reload): include default scope (#12399)
  • 5611ef0 build: update dependencies (#12395)
  • e80501d fix(types): transactionType in Options (#12377)
  • 4914367 fix(types): add clientMinMessages to Options interface (#12375)
  • b71cd05 fix(query): preserve cls context for logger (#12328)
  • 95f7fb5 fix(mssql): empty order array generates invalid FETCH statement (#12261)
  • ed2d7a9 fix(model.destroy): return 0 with truncate (#12281)
  • 72925cf fix: add missing fields to 'FindOrCreateType' (#12338)
  • f367191 fix(query-generator): do not generate GROUP BY clause if options.group is empty (#12343)
  • 7afd589 docs(sequelize): omitNull only works for CREATE/UPDATE queries
  • f9e660f docs: update feature request template
  • 2bf7f7b fix(typings): add support for optional values in "where" clauses (#12337)
  • 65a9e1e fix(types): add Association into OrderItem type (#12332)
  • 1b86729 docs: responsive (#12308)
  • 59b8a7b fix(include): check if attributes specified for included through model (#12316)
  • 6d87cc5 docs(associations): belongs to many create with through table
  • a2dcfa0 fix(query): ensure correct return signature for QueryTypes.RAW (#12305)
  • 0769aea refactor: cleanup query generators (#12304)
  • 4d9165b feat(postgres): native upsert (#12301)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/jsdevtools/project/9a1b005c-2b94-4aae-aad3-d417caa02cc1?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/jsdevtools/project/9a1b005c-2b94-4aae-aad3-d417caa02cc1?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"7551ba80-004d-4340-8262-bb401a759899","prPublicId":"7551ba80-004d-4340-8262-bb401a759899","dependencies":[{"name":"apollo","from":"2.5.1","to":"2.33.11"},{"name":"babel-eslint","from":"10.0.1","to":"10.1.0"},{"name":"lodash","from":"4.17.11","to":"4.17.17"},{"name":"sequelize","from":"4.41.0","to":"6.1.0"}],"packageManager":"npm","projectPublicId":"9a1b005c-2b94-4aae-aad3-d417caa02cc1","projectUrl":"https://app.snyk.io/org/jsdevtools/project/9a1b005c-2b94-4aae-aad3-d417caa02cc1?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-LODASH-6139239"],"upgrade":["SNYK-JS-LODASH-6139239"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["pr-warning-shown","priorityScore"],"priorityScoreList":[768],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)