Open snyk-bot opened 3 years ago
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: π§ View latest project report
π©βπ» Set who automatically gets assigned
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
Changes included in this PR
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 5.9
SNYK-JS-MONGOOSE-472486
Why? Has a fix available, CVSS 3.7
npm:debug:20170905
Why? Has a fix available, CVSS 3.7
npm:ms:20170412
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: body-parser
The new version differs by 53 commits.- b2659a7 1.18.2
- 6339bf7 perf: remove argument reassignment
- d5f9a4a deps: debug@2.6.9
- d041563 1.18.1
- 9efa9ab deps: content-type@~1.0.4
- f1ef6cc deps: qs@6.5.1
- e438db5 deps: raw-body@2.3.2
- 15c3585 deps: iconv-lite@0.4.19
- adfa01c 1.18.0
- 0632e2f Include the "type" property on all generated errors
- b8f97cd Include the "body" property on verify errors
- c659e8a tests: add test for err.body on json parse error
- 4e15325 tests: reorganize json error tests
- 5bd7ed5 tests: reorganize json strict option tests
- 3cb380b tests: store server on mocha context instead of variable shadowing
- 29c8cd0 docs: document too many parameters error
- 7b9cb14 Use http-errors to set status code on errors
- 29a27f1 docs: fix typo in jsdoc comment
- 448dc57 Fix JSON strict violation error to match native parse error
- 87df7e6 tests: add leading whitespace strict json test
- 1841248 deps: raw-body@2.3.1
- e666dbe deps: http-errors@~1.6.2
- c2a110a deps: bytes@3.0.0
- a1a2e31 build: Node.js@8.4
See the full diffPackage name: mongoose
The new version differs by 250 commits.- 40a879b chore: release 5.7.5
- 159457d chore: add vpn black friday as sponsor
- e6285ea Merge pull request #8244 from AbdelrahmanHafez/master
- d9163f5 fix: correct order for declaration
- cec9dda Minor refactor to ValidationError
- 13ae085 docs(index): add favicon to home page
- 96ce0eb style: fix lint
- 973b1e0 docs: add schema options to API docs
- cdfb507 chore: add useUnifiedTopology for tests re: #8212
- 936ddfb fix(update): handle subdocument pre('validate') errors in update validation
- 98b3b09 test(update): repro #7187
- b9c1012 docs(middleware): add note about accessing the document being updated in pre('findOneAndUpdate')
- 327b47a fix(subdocument): make subdocument#isModified use parent document's isModified
- 54db026 test(subdocument): repro #8223
- 89eb449 chore: now working on 5.7.5
- ffbff22 chore: change version for recompiling website
- 0562ca7 chore: add opencollective sponsors: top web design companies, casino top
- ee22c09 chore: now working on 5.7.5
- f3eca5b fix(query): delete top-level `_bsontype` property in queries to prevent silent empty queries
- cc10e0d test(query): repro #8222
- ede5aef chore: release 5.7.4
- 402db1a fix(model): support passing `options` to `Model.remove()`
- 7a20276 fix(schema): handle `required: null` and `required: undefined` as `required: false`
- 9b4a323 test(schema): repro #8219
See the full diffWith a Snyk patch:
Why? Has a fix available, CVSS 3.7
npm:debug:20170905
Why? Has a fix available, CVSS 3.7
npm:ms:20170412
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π©βπ» Set who automatically gets assigned
π Adjust project settings
π Read more about Snyk's upgrade and patch logic