search

stashaway-engineering / node-my-info-sg

Small wrapper around Singapore MyInfo V3 API for node JS. Wraps the scary-scary 😱 security logic into easy to use APIs
7 stars 4 forks source link

[Snyk] Security upgrade node-my-info-sg from 1.1.0 to 1.1.2 #24

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Infinite loop
SNYK-JS-NODEJOSE-3323847		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-my-info-sg The new version differs by 12 commits.
  • 47180f1 chore: version bump
  • d9d352b chore(node-jose): upgrade node-jose to 2.0.0
  • 6138675 fix: Fix tests
  • 55e54c1 fix: Add error logging
  • 17ea861 fix: Update public certificate
  • 61acca4 1.1.1
  • 9257849 feat: Add parameter to override redirectUrl
  • d3e9f15 Merge pull request #5 from stashaway-engineering/dependabot/npm_and_yarn/eslint-utils-1.4.2
  • 609a68c Merge pull request #3 from stashaway-engineering/dependabot/npm_and_yarn/example/lodash-4.17.15
  • 2d3ffb9 build(deps): Bump eslint-utils from 1.3.1 to 1.4.2
  • 0cac1a3 build(deps): Bump lodash from 4.17.11 to 4.17.15 in /example
  • e88a485 feat: Update readme
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.