search

tonesto7 / echo-speaks-server

45 stars 926 forks source link

[Snyk] Upgrade cookie from 0.4.2 to 0.5.0 #81

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to upgrade cookie from 0.4.2 to 0.5.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Directory Traversal
SNYK-JS-MOMENT-2440688		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-ASYNC-2441827		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: cookie
  • 0.5.0 - 2022-04-11
    • Add priority option
    • Fix expires option to reject invalid dates
    • pref: improve default decode speed
    • pref: remove slow string split in parse
  • 0.4.2 - 2022-02-02
    • pref: read value only when assigning in parse
    • pref: remove unnecessary regexp in parse
from cookie GitHub release notes
Commit messages
Package name: cookie Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs