sourcefuse / loopback4-starter

Loopback 4 starter application. Multi-tenant architecture supported. Authentication, Authorization, Soft deletes, environment vars, Audit logs, included.
MIT License
158 stars 59 forks

[Snyk] Security upgrade @loopback/rest-explorer from 3.3.0 to 4.0.1 #97

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 484/1000. Why? Has a fix available, CVSS 5.4 | User Interface (UI) Misrepresentation of Critical Information, SNYK-JS-SWAGGERUIDIST-2314884 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @loopback/rest-explorer
The new version differs by 250 commits.
  • 4a88864 chore: publish release
  • 47d9096 chore: lock file maintenance
  • 10045c4 chore: update dependency winston to ^3.4.0
  • bf5d43b chore: update dependency qs to ^6.10.3
  • d39ed1b test(logging): metadata is not defined in the format
  • 78eb55d chore: update dependency winston to ^3.3.4
  • 3454eeb chore: update dependency testcontainers to v8
  • fedf35e chore: update lint packages
  • 72805cb chore: update dependency supertest to ^6.2.0
  • f2e96ae chore: update dependency async to ^3.2.3
  • 56c8116 chore: correct import syntax
  • af19a5d chore: update dependency winston-transport to ^4.4.2
  • 18c3f34 chore: update dependency @graphql-tools/utils to ^8.6.1
  • c8f56e0 chore: update dependency @commitlint/cli to ^16.0.2
  • 96c3d7e chore: update dependency lint-staged to ^12.1.7
  • 4d1ddde chore: update dependency @types/json-merge-patch to v0.0.8
  • b22f47b chore: update dependency hyperid to v3
  • d75cef7 chore: update dependency lint-staged to ^12.1.6
  • 5504ea0 chore: lock file maintenance
  • 2f573c7 chore: update dependency bson to v4.6.1
  • be29b00 chore: replace issue template by issue form [skip ci]
  • 1d790a6 chore: lock file maintenance and update minor dependencies
  • c509340 chore: update dependency http-errors to v2
  • 8ee85f0 chore: update socket.io packages to ^4.4.1

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
No Duplication information