kmaida / mean-rBox

Recipe box MEAN stack application for creating, storing, and filing recipes.
https://rbox.kmaida.net
MIT License
1 stars 0 forks source link

[Snyk] Security upgrade mongoose-encryption from 1.5.0 to 2.0.1 #78

Open kmaida opened 3 years ago

kmaida commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 716/1000
Why? Recently disclosed, Has a fix available, CVSS 8.6
Prototype Pollution
SNYK-JS-DOTTY-1069933
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose-encryption The new version differs by 31 commits.
  • 4595cc3 2.0.1
  • a22eb88 Upgrade dependencies (#80)
  • 027a697 Release notes for 2.0.0
  • e887f78 2.0.0
  • 06c68cd Decrypt children using encryptedChildren plugin (#79)
  • 3d28a88 Remove Mongoose version conditionals
  • 4add461 Merge branch 'master' of github.com:joegoldbeck/mongoose-encryption
  • 953c5eb Merge commits from @ yelworc and @ colinhemphill
  • e41d10f Merge commits from @ yelworc and @ colinhemphill
  • 8d79fe4 Drop Mongoose v3 & v4 support
  • 818b309 Start 2.0.0-draft
  • 1115b75 Add Node LTS to travis.yml
  • 5a6f92f Add badge to README
  • 2423787 Adjust and add badges
  • bf53323 Add Node 4 to travis. Add build icon
  • 4dd5690 Remove Mongoose 3.x support
  • 1fda806 Merge branch 'master' of github.com:joegoldbeck/mongoose-encryption
  • dd962ff Restrict mongoose versions
  • ae3d0c9 Update .travis.yml
  • 806d96a Create .travis.yml
  • 196f046 Delete travis.yml
  • 2e99ca6 Create travis.yml
  • 5061ab3 Fix up a few unit tests
  • bc41534 More Mongoose 5 compatibility fixes
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic