lucasbelem / nodejs-goof

Super vulnerable todo list application
Apache License 2.0

[Snyk] Upgrade mongodb from 3.5.9 to 3.7.4 #6

Open lucasbelem opened 8 months ago

lucasbelem commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mongodb from 3.5.9 to 3.7.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **21 versions** ahead of your current version.
- The recommended version was released **7 months ago**, on 2023-06-21.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Remote Memory Exposure [SNYK-JS-BL-608877](https://snyk.io/vuln/SNYK-JS-BL-608877) | **492/1000** **Why?** Proof of Concept exploit, CVSS 7.7 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mongodb
  • 3.7.4 - 2023-06-21

    The MongoDB Node.js team is pleased to announce version 3.7.4 of the mongodb package!

    Release Highlights

    This release fixes a bug that throws a type error when SCRAM-SHA-256 is used with saslprep in a webpacked environment.

    3.7.4 (2023-06-21)

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.7.3 - 2021-10-20
  • 3.7.2 - 2021-10-05
  • 3.7.1 - 2021-09-14
  • 3.7.0 - 2021-08-31
  • 3.6.12 - 2021-08-30
  • 3.6.11 - 2021-08-05
  • 3.6.10 - 2021-07-06
  • 3.6.9 - 2021-05-26
  • 3.6.8 - 2021-05-21
  • 3.6.7 - 2021-05-18
  • 3.6.6 - 2021-04-06
  • 3.6.5 - 2021-03-16
  • 3.6.4 - 2021-02-02
  • 3.6.3 - 2020-11-06
  • 3.6.2 - 2020-09-10
  • 3.6.1 - 2020-09-02
  • 3.6.0 - 2020-07-30
  • 3.6.0-beta.0 - 2020-04-14
  • 3.5.11 - 2020-09-10
  • 3.5.10 - 2020-07-30
  • 3.5.9 - 2020-06-12

from [mongodb GitHub release notes](https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases)

Commit messages
Package name: mongodb
  • c2b6da1 chore(release): 3.7.4
  • 152425a fix(NODE-5355): prevent error when saslprep is not a function (#3733)
  • 1595140 fix(NODE-3711): retry txn end on retryable write (#3047)
  • 9b980c4 chore(NODE-3736): fix drivers tools cloning (#3025)
  • b42e8b3 chore(release): 3.7.3
  • 428e6d3 fix(NODE-3515): do proper opTime merging in bulk results (#3011)
  • 564b0d7 test(NODE-3606): legacy and new versions of the CSFLE library (#3002)
  • 7c5a7bb chore(release): 3.7.2
  • ec23d63 chore(NODE-3622): bump optional-require for additional yarn berry pnp support (#2989)
  • 28f721d chore(release): 3.7.1
  • 910c564 feat(NODE-3424): use hello for monitoring commands (#2964)
  • 44df7d7 chore(release): 3.7.0
  • 1a76618 fix: versioned api low node compat fix (#2970)
  • 7602f68 docs(NODE-3406): add versioned api examples (#2969)
  • a07aa56 test(NODE-3409): support AWS temp credentials in CSFLE tests (#2968)
  • eae0e05 chore(NODE-3303): deprecate md5 hash and isConnected (#2960)
  • 77ab63e test(NODE-3387): correctly extract findOneX values in unified operations (#2966)
  • 96c8ab4 fix(NODE-3377): driver should allow arbitrary explain levels (#2961)
  • 4c25984 chore: sync 3.6 changes to 3.7 (#2963)
  • e5975af fix(NODE-3463): pass explain error through to callback (#2949)
  • 238a4b0 fix(NODE-3290): versioned api validation and tests (#2869)
  • 91a2fc9 Merge remote-tracking branch 'origin/3.6' into 3.7
  • 6ee945e chore(NODE-3316): add author info and update bug url in package.json (#2887)
  • ecc930b test(NODE-3381): command monitoring redaction tests (#2873)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs