sonarcloud[bot]
commented
2 years ago Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-MOMENT-2944238
Why? Recently disclosed, Has a fix available, CVSS 4.8
SNYK-JS-PASSPORT-2840631
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: loopback4-authentication
The new version differs by 49 commits.- d3516a1 chore(release): 6.1.5 semantic
- 6d35989 chore(deps): fix vulnerability (#89)
- d574673 chore(release): 6.1.4 semantic
- db7b408 chore(deps): semantic release (#86)
- 94fc950 chore(deps): update lb4 dependencies (#84)
- 07363de chore(release): 6.1.3 semantic
- 1f13901 fix(component): add mfa property to ClientAuthCode interface (#81)
- 1c84ee6 refactor(component): add mfa property to ClientAuthCode interface (#80)
- 1933791 chore(release): 6.1.2 semantic
- 4d4f8a4 chore(deps): update lb4 dependencies (#77)
- 5311a53 chore(deps): update lb4 dependencies (#76)
- 45acf67 fix(deps): remove vulnerabilities (#74)
- 2dd7e96 chore(release): 6.1.1 semantic
- 14e7ae2 fix(provider): minor fix in otp strategy (#70)
- edb6c68 chore(release): 6.1.0 semantic
- 5f8cd5e feat(component): add a new strategy for otp (#67)
- b7bd5b5 6.0.3
- 3cfee11 chore(deps): move patch-package to peer deps
- 1e34d0c chore(deps): update to latest loopback deps and solve security vulnerabilities
- f6dea68 fix(chore): update all dependencies (#68)
- 401097c Bump node-forge from 1.2.1 to 1.3.0 (#66)
- 1607006 6.0.2
- d70c7ed fix(chore): package lock name missing
- f86ad39 fix(chore): update lb4 authentication peer dependencies (#65)
See the full diffPackage name: loopback4-soft-delete
The new version differs by 28 commits.- f945ac9 5.0.0
- 1914020 feat(core): add support for Node.js v17 and @ loopback/cli v3
- d1e7060 Revert "refactor(repository): use FilterBuilder.impose() to merge {deleted:false} filter (#52)"
- 4f3b905 refactor(repository): use FilterBuilder.impose() to merge {deleted:false} filter (#52)
- e512996 4.0.0
- 1021b1d fix(chore): update husky and commitlint
- 6910f78 all deps updated:
- bcf5e0f Bump semver-regex from 3.1.2 to 3.1.3 (#49)
- 3dd0e5f Bump axios from 0.21.1 to 0.21.4 (#50)
- 0ec53d3 feat(chore): 3.3.0
- e299716 fix(ci-cd): fix prettier
- e9307c7 refactor(changing the version number to an available value): changing the version to available one (#53)
- 1319ae5 fix(repository): improve test coverage (#46)
- e254b5a Bump path-parse from 1.0.6 to 1.0.7 (#41)
- 9c6bc4f Bump tar from 6.1.0 to 6.1.11 (#44)
- 1e31a5b feat(chore): 3.2.2
- 6f4db89 fix(ci-cd): upgrade loopback4-authentication
- 8bd57be Bump set-getter from 0.1.0 to 0.1.1 (#36)
- 3ee147c feat(chore): 3.2.1
- e77040b Merge pull request #33 from sourcefuse/dependabot/npm_and_yarn/trim-newlines-3.0.1
- 447847d Bump trim-newlines from 3.0.0 to 3.0.1
- 5baa14e Merge pull request #34 from sourcefuse/dependabot/npm_and_yarn/normalize-url-4.5.1
- f064ba2 Bump normalize-url from 4.5.0 to 4.5.1
- 049ffe2 feat(repository): add ability to query soft delete records
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
š§ View latest project report
š Adjust project settings
š Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
š¦ Learn about vulnerability in an interactive lesson of Snyk Learn.