vlasn / mets-be

Metsahaldur backend
0 stars 1 forks source link

[Snyk] Security upgrade express-validator from 5.3.1 to 6.5.0 #38

Closed snyk-bot closed 11 months ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090599
Yes No Known Exploit
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090600
Yes No Known Exploit
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090601
Yes No Known Exploit
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090602
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: express-validator The new version differs by 97 commits.
  • cd4136e 6.5.0
  • 612e2d9 Don't modify requests if oneOf chain didn't succeed (#877)
  • 7595c94 chain: comment out isDate for now
  • 8b604af chain: add missing methods to Validators interface
  • ab6ffe4 npm: upgrade validator to 13.0.0 (#874)
  • 29374cb 6.4.1
  • 70af46e npm: audit fix dependencies
  • efbfe3a Only consider . to be special char for now
  • 42819ae npm: update dependencies
  • 7736384 Remove console.log
  • 3814c0a Fix use of special chars in selectors
  • 0c450a9 docs: fix... typo? (#842)
  • 246f2ea docs: improve wording in matchedData page (#846)
  • 6123155 docs: improve wording in whole-body validation (#845)
  • 3124129 docs: fix typo in schema validation and improve wording (#844)
  • d85b368 docs: fix verb tense in the custom validator page (#841)
  • 19531ec docs: fix verb tense in the validationResult page (#847)
  • f868e23 docs: small fixes in the wildcard feature (#843)
  • 31d73c2 npm: add build script
  • 008a0ae docs: migrate usages of sanitize to check
  • 4bbe421 6.4.0
  • acb2ad7 npm: run docs:build before git add on versioning
  • 5e293cf Compile TS to ES2017 (#826)
  • 0163461 npm: upgrade a few packages (#825)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic