meanjs / mean

MEAN.JS - Full-Stack JavaScript Using MongoDB, Express, AngularJS, and Node.js -
http://meanjs.org
MIT License

[Snyk] Security upgrade aws-sdk from 2.548.0 to 2.814.0 #2063

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-AWSSDK-1059424 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: aws-sdk The new version differs by 250 commits.
  • 8875a35 Updates SDK to v2.814.0
  • dd83d67 throw at invalid profile name in shared ini file (#3585)
  • ee0c5a3 Updates SDK to v2.813.0
  • 468d15b Updates SDK to v2.812.0
  • c50132f Update README.md with references to JS SDK V3 (#3582)
  • 3e19b08 Updates SDK to v2.811.0
  • f26c00d Updates SDK to v2.810.0
  • b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
  • fa57967 Updates SDK to v2.809.0
  • 9a52018 Updates SDK to v2.808.0
  • 1958076 Updates SDK to v2.807.0
  • ffcad20 Updates SDK to v2.806.0
  • 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
  • c6fe3c0 Updates SDK to v2.805.0
  • 71d6fa9 Fix dual-callback case (#3537)
  • b981971 Updates SDK to v2.804.0
  • 332573f Updates SDK to v2.803.0
  • deb7bc7 Updates SDK to v2.802.0
  • b6401d0 Remove incorrectly named service named 'Profile' (#3562)
  • 3364d4b Updates SDK to v2.801.0
  • d400577 Updates SDK to v2.800.0
  • 21c7dc0 Updates SDK to v2.799.0
  • d2b8964 Updates SDK to v2.798.0
  • 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
