search

ohcnetwork / stay_be

CoronaSafe Stay BE NestJS
MIT License
4 stars 8 forks source link

[Snyk] Fix for 1 vulnerabilities #174

Open dauntlessnomad opened 1 year ago

dauntlessnomad commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @nestjs/jwt The new version differs by 250 commits.
  • 0274acc Merge pull request #1144 from nestjs/renovate/typescript-eslint-monorepo
  • c6bbf14 Merge pull request #1150 from nestjs/renovate/prettier-2.x
  • 414aea3 chore(deps): update typescript-eslint monorepo to v5.47.1
  • 44fd45a chore(deps): update dependency prettier to v2.8.1
  • d8ed56a Merge pull request #1149 from nestjs/renovate/commitlint-monorepo
  • 74a21f9 Merge pull request #1057 from nestjs/renovate/jsonwebtoken-8.x
  • f367329 Merge pull request #1159 from nestjs/renovate/release-it-15.x
  • b3f4fc7 chore(deps): update dependency release-it to v15.5.1
  • 15ad133 chore(deps): update commitlint monorepo to v17.3.0
  • d14521f fix(deps): update dependency @ types/jsonwebtoken to v8.5.9
  • cc04cce Merge pull request #1158 from nestjs/renovate/node-18.x
  • 3ebfaf0 chore(deps): update dependency @ types/node to v18.11.18
  • a14a3be Merge pull request #1146 from nestjs/renovate/typescript-4.x
  • df59940 chore(deps): update dependency typescript to v4.9.4
  • e5661b9 Merge pull request #1157 from nestjs/dependabot/npm_and_yarn/minimatch-3.1.2
  • 8d74976 Merge pull request #1151 from nestjs/renovate/lint-staged-13.x
  • 76b0ee3 Merge pull request #1148 from nestjs/renovate/eslint-8.x
  • f3dd100 chore(deps): bump minimatch from 3.0.4 to 3.1.2
  • 7b3319a chore(deps): update dependency lint-staged to v13.1.0
  • a97c753 Merge pull request #1145 from nestjs/renovate/jest-monorepo
  • 73a7440 Merge pull request #1155 from nestjs/renovate/npm-jsonwebtoken-vulnerability
  • 8a6a459 chore(deps): update dependency eslint to v8.30.0
  • 20c2366 chore(deps): update dependency @ types/jest to v29.2.4
  • 98a4464 chore(deps): update dependency jsonwebtoken to 9.0.0 [security]
See the full diff
Package name: newrelic The new version differs by 250 commits.
  • 83bcdaa Merge pull request #1322 from newrelic/release/v9.0.0
  • 04bc2ec changelog updates based on feedback from team
  • f3e93a4 Adds auto-generated release notes.
  • 9cf6626 Merge pull request #1319 from mrickard/NR-35280/drop-async-from-pricing-tests
  • a485a28 Setting version to v9.0.0.
  • 4ee22c8 Dropped async lib from pricing meminfo and cpu tests
  • d3b006f Merge pull request #1318 from bizob2828/backport-8-17-1-changelog
  • b88b41e backported 8.17.1 changelog section as we could not merge the release branch since it was made out of band from main
  • 5fb4199 Merge pull request #1311 from michaelgoin/bump-external-instrumentation
  • 6f0db2d Bumped @ newrelic/native-metrics to ^9.0.0.
  • f2cae07 Merge pull request #1313 from mrickard/NR-35280/drop-async-lib-from-dt-int-test
  • 4c2c5b5 Merge pull request #1314 from bizob2828/update-pg-tests
  • a13f56d removed unused instrumentation branches since we only support 8.2.x+ now
  • 3f613e4 Merge pull request #1312 from jordigh/grpc-callback-issue
  • b176d9d Code cleanup of async/await/promise conversion
  • 3554fa2 * removed pre-7 as it is no longer applicable on node 14+
  • b23f3a5 grpc: bind the client segment to the onReceiveStatus listener
  • 5b68b38 Refactored dt tap test to remove async lib
  • c024773 Bumps minimum external instrumentation modules to new major versions.
  • 547c546 Merge pull request #1309 from bizob2828/defensive-truncate
  • 53788ee Added defensive code in util/applicationLogging truncate to check if value is string before checking its length
  • 7bdeda1 Merge pull request #1307 from mrickard/NR-38203/rmSync-instead-of-rmdirSync
  • 4a731dd Merge pull request #1293 from newrelic/remove-cert-bundle
  • ad8b3d1 removed unused ssl bundle re-generation code
See the full diff
Package name: passport-jwt The new version differs by 31 commits.
  • fed94fa 4.0.1 release
  • cfb5566 Merge pull request #248 from mikenicholson/update-minmatch
  • 8e4ad5b Address minmatch vulnerability
  • e9cf2ce Merge pull request #247 from mikenicholson/jsonwebtoken-9
  • bfbc6cc Update jsonwebtoken to 9.0.0
  • a49b43e Update minimist due to prototype pollution vulnerability in previous version
  • a5137c6 Merge pull request #192 from markhoney/patch-1
  • ea824cd Update jsonwebtoken and run npm audit fix
  • 8e57eec Remove older node versions shiping npm without support for "ci"
  • 3ab9305 Add CI workflow in GitHub Actions
  • 96a6e55 Merge pull request #218 from Sambego/patch-1
  • 809cdbf Update Auth0 sponsorship link
  • ec35fa4 Add nodejs 13 & 14 to CI
  • 2cab4dd Update mocha to resolve vulnerabilities
  • b196eb8 Use nyc for coverage
  • ddafcd2 Fix typo
  • 6b92631 Merge pull request #176 from epicfaace/patch-1
  • 154af70 Stop building for Node v5 and earlier
  • d311551 Add newer node versions to Travis CI build
  • 0e39a48 Update dependencies to resolve vulnerabilities.
  • d488147 Update URLs to reference new GitHub username
  • 89152d5 Rename extrators-test.js to extractors-test.js
  • 0bb68bf Clarify use of custom extractor function.
  • 499bd4a Add js formatting to extractor example in README.
See the full diff
Package name: pg The new version differs by 179 commits.
  • 7ffe68e Publish
  • 125a268 Update changelog
  • da2bb85 Bump node-fetch from 2.6.0 to 2.6.1
  • 7649890 Update SPONSORS.md
  • c5445f0 Fix metadata for pg-connection-string
  • a02dfac Replace semver with optional peer dependencies
  • 5825843 Public export of DatabaseError
  • e421167 Add ssl=true into the test
  • 9cbea21 Solve issues caused by config.ssl = true
  • 6be3b90 Add support for ?sslmode connection string param
  • f0fc470 Update README.md (#2330)
  • 95b5daa Publish
  • 1f0d3d5 Add test for pgpass check function scope
  • 0758b76 Fix context (this) in _checkPgPass.
  • acfbafa Publish
  • 07ee1ba Bump version
  • 65156e7 Small readme updates & auto-formatting
  • 61e4b7f Merge pull request #2309 from chris--young/ssl-err
  • f4d123b Prevents bad ssl credentials from causing a crash
  • 316bec3 Merge pull request #2294 from charmander/test-fixes
  • 3edcbb7 Fix most SSL negotiation packet tests being ignored
  • 1b022f8 Remove accidentally duplicated methods
  • b8773ce Merge pull request #2289 from brianc/dependabot/npm_and_yarn/lodash-4.17.19
  • 692e418 Fix documenation typo in README (#2291)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/coronasafe-network/project/9ca839b0-9d29-480f-b4d5-e3035b58530b?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/coronasafe-network/project/9ca839b0-9d29-480f-b4d5-e3035b58530b?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"0baa264d-bcb9-41a5-929e-f3ca79cdd1cb","prPublicId":"0baa264d-bcb9-41a5-929e-f3ca79cdd1cb","dependencies":[{"name":"@nestjs/jwt","from":"7.0.0","to":"10.0.0"},{"name":"newrelic","from":"6.5.0","to":"9.0.0"},{"name":"passport-jwt","from":"4.0.0","to":"4.0.1"},{"name":"pg","from":"8.0.2","to":"8.4.0"}],"packageManager":"npm","projectPublicId":"9ca839b0-9d29-480f-b4d5-e3035b58530b","projectUrl":"https://app.snyk.io/org/coronasafe-network/project/9ca839b0-9d29-480f-b4d5-e3035b58530b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)