search

postmanlabs / sails-mysql-transactions

sails/waterline ORM with mySQL transaction support
Apache License 2.0
59 stars 20 forks source link

[Snyk] Fix for 11 vulnerabilities #113

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-450202		 Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
SNYK-JS-LODASH-567746		 Yes Proof of Concept
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Prototype Pollution
SNYK-JS-LODASH-590103		 Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-73638		 Yes Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388		 Yes No Known Exploit
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:lodash:20180130		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jscs The new version differs by 250 commits.
  • 7a85716 2.5.0
  • 0eaaf8f Prepare for version 2.5.0
  • 214cf9f Misc: update dependencies
  • cdb0af4 Misc: fix code style violations
  • 2481d63 Configuration: allow default preset override
  • 5047150 Preset: use wikimedia preset as dependency
  • cf60723 Fix: Sparse arrays in rules with spacing and commas
  • 1788d59 Update: `requireCurlyBraces`: make rule more flexible
  • 9469688 Misc: fix code style issues
  • 706495b Update: `{ allExcept: ['trailing'] }` for "requireSpaceAfterComma"
  • 8eb92b6 Configuration: correct config dir detection
  • 5eb8fbd Docs: Fixed missing markdown codeblock closing
  • ec55656 Docs: fixed CHANGELOG.md links to some rules
  • f418a5c Misc: `requireSpacesInGenerator` refactor
  • ad82a43 New Rule: requireSpacesInGenerator
  • 3d0ae58 Docs: Added hzoo and chat room
  • 37fc3fe Misc: optimize lint execution in package.scripts
  • 8eb05e2 Misc: update 2.4.0 changelog with bug fix
  • 65f6df1 2.4.0
  • 9ef33c3 Misc: Prepare for version 2.4.0
  • 98812c4 Fix: block statements rules - account for bare blocks
  • 2c8d58e New rule: requireAlignedMultilineParams:
  • 077c2f6 Fix: rename "requireCapitalizedComments" option
  • 5ee3120 Tests: fix merge artefact
See the full diff
Package name: waterline-adapter-tests The new version differs by 169 commits.
  • 944f2b7 1.0.0
  • 0eb219f 1.0.0-13
  • 26f2034 Fix misconfigured many-to-many association
  • 354007d Remove errant log
  • aaa500c 1.0.0-12
  • cf24518 Add tests for `omit`
  • 8770d6e Add `archiveModelIdentity: false` where necessary to avoid errors re: Archive model in tests.
  • f03938d 1.0.0-11
  • 9e76b38 Test "json" attribute creation against all valid JSON types
  • 795da10 Test that `replaceCollection` doesn't allow > 1 parent record IDs when operating on a one-to-many relationship
  • d9371e4 1.0.0-10
  • 23f2fb9 Test that child records aren't processed > 1 time and aren't attached by reference
  • f101d92 Use correct fixtures for `belongsTo` find+populate tests
  • 066d6d9 Add json attribute to `belongsTo` parent fixture
  • 561141d 1.0.0-9
  • 875c6d9 Add test for correctly removing unnecessary conjuncts/disjuncts
  • e389d1a Don't set `id` in the "update unique to the same value" test
  • 2e77032 Whitespace
  • a4017f9 Fix test added in https://github.com/balderdashy/waterline-adapter-tests//commit/9bad9416f19040feeb1880b410e760dece4f921e to not expect the taxi ID to always be 1
  • 9bad941 Add test to ensure that child criteria are disambiguated in many-to-many joins
  • 19dbf70 Add a couple of tests that check that values aren't over-escaped.
  • a8f1dac 1.0.0-8
  • 4d6b45e Don't run "update PK" test on sails-disk.
  • 402bd89 Use roadstead versions
See the full diff
With a Snyk patch:
Severity Priority Score (*) Issue Exploit Maturity
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:lodash:20180130		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic