Open depfu[bot] opened 5 months ago
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
client-cra | ❌ Failed (Inspect) | | | Mar 23, 2024 8:25pm |
mussia12 | ❌ Failed (Inspect) | | | Mar 23, 2024 8:25pm |
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ @nestjs/common (8.2.3 → 10.3.5) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ @nestjs/core (8.2.3 → 10.3.5) · Repo · Changelog
Security Advisories 🚨
🚨 @nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ @nestjs/platform-express (8.2.3 → 10.3.5) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ accepts (indirect, 1.3.7 → 1.3.8) · Repo · Changelog
Release Notes
1.3.8
Commits
See the full diff on Github. The new version differs by 28 commits:
1.3.8
build: mocha@9.2.0
build: support Node.js 17.x
build: Node.js@14.19
build: eslint-plugin-markdown@2.2.1
build: mocha@8.4.0
deps: negotiator@0.6.3
deps: mime-types@~2.1.34
build: support Node.js 16.x
build: support Node.js 15.x
tests: fix deep equal checks
build: eslint@7.32.0
lint: apply standard 14 style
build: eslint-plugin-standard@4.1.0
build: eslint-plugin-import@2.25.4
build: mocha@7.2.0
build: nyc@15.1.0
build: eslint-plugin-markdown@1.0.2
lint: apply standard 13 style
build: nyc@14.1.1
build: mocha@6.2.3
build: support Node.js 14.x
build: support Node.js 13.x
build: Node.js@12.22
build: Node.js@11.15
build: Node.js@10.24
build: Node.js@8.17
build: use GitHub Actions instead of Travis CI
↗️ busboy (indirect, 0.2.14 → 1.6.0) · Repo
Commits
See the full diff on Github. The new version differs by 31 commits:
package: bump version to v1.6.0
multipart: ignore remaining data instead of forcefully ending
package: bump version to v1.5.0
multipart: handle empty data from streamsearch
readme: fix deprecated os.tmpDir in example
lib: add support for default param charset for non-extended params
package: bump version to v1.4.0
lib: make the module easier to bundle again
readme: fix README `mimeType` parameter inconsistency
package: bump version to v1.3.0
multipart: fully reset state on successful header parse
package: bump version to v1.2.0
multipart: only skip parts with bad headers
package: bump version to v1.1.0
test: fix lint issue
multipart: fix file stream stalling with lookbehind data
readme: fix markdown rendering
readme: fix example
readme: add link to v1.0.0 changes
package: bump version to v1.0.0
lib,test: rewrite implementation
ci: add node v12
lib: don't decode params with encodings twice
bump version
readme: fix node version to match package.json
lib: simplify basename()
bump version
ci: update node branches
lib,test: remove readable-stream, use new Buffer API
multipart: fix hang when upstream stops reading
readme: remove pledgie link
↗️ content-type (indirect, 1.0.4 → 1.0.5) · Repo · Changelog
Release Notes
1.0.5
Commits
See the full diff on Github. The new version differs by 74 commits:
1.0.5
build: Node.js@10.24
build: add version script for npm version releases
build: mocha@10.2.0
build: eslint@8.32.0
lint: apply standard 15 style
perf: skip value escaping when unnecessary
tests: fix deep-equal assertions
lint: remove deprecated String.prototype.substr
build: support Node.js 19.x
build: mocha@9.2.2
build: eslint-plugin-promise@5.2.0
build: eslint@7.32.0
lint: apply standard 14 style
build: nyc@15.1.0
build: Node.js@8.17
build: Node.js@10.23
build: mocha@8.4.0
build: support Node.js 18.x
build: support Node.js 17.x
lint: apply standard 13 style
build: eslint-plugin-standard@4.1.0
build: eslint-plugin-promise@4.2.1
build: eslint-plugin-import@2.27.5
build: support Node.js 16.x
build: support Node.js 15.x
build: mocha@7.2.0
build: eslint@6.8.0
build: nyc@14.1.1
build: support Node.js 14.x
build: support Node.js 13.x
build: support Node.js 12.x
build: eslint-plugin-import@2.26.0
build: support Node.js 11.x
build: eslint@5.16.0
build: mocha@6.2.3
build: use GitHub Actions instead of Travis CI
build: use nyc for coverage testing
build: speed up logic in Travis CI build steps
build: eslint-plugin-node@8.0.1
build: eslint-plugin-import@2.16.0
build: Node.js@10.15
build: Node.js@8.15
build: Node.js@6.16
build: eslint-plugin-import@2.15.0
build: eslint@5.12.1
build: mocha@5.2.0
build: restructure Travis CI build steps
build: migrate to Travis CI trusty image
build: Node.js@10.13
build: Node.js@8.12
lint: apply standard 12 style
tests: use strict equality
tests: replace deprecated assert.deepEqual with deep-equal
docs: switch badges to badgen
build: support Node.js 10.x
build: Node.js@9.11
build: eslint-plugin-standard@3.1.0
build: eslint-plugin-import@2.14.0
build: Node.js@8.11
build: Node.js@6.14
build: Node.js@4.9
build: eslint-plugin-promise@3.8.0
build: eslint-plugin-import@2.13.0
build: eslint@4.19.1
build: use yaml eslint configuration
build: Node.js@9.9
build: Node.js@8.10
build: Node.js@6.13
doc: fix some formatting
lint: apply standard 10 style
build: support Node.js 9.x
build: Node.js@8.9
build: Node.js@6.12
↗️ mime-db (indirect, 1.50.0 → 1.52.0) · Repo · Changelog
Release Notes
1.52.0
1.51.0
Commits
See the full diff on Github. The new version differs by 31 commits:
1.52.0
build: raw-body@2.5.0
build: mocha@9.2.1
Add new upstream MIME types
Add extensions from IANA for more image/* types
docs: update license
Add extension .asc to application/pgp-keys
tests: improve mime type validation in tests
Add extensions to various XML types
build: Node.js@17.4
docs: clarify description
build: mocha@9.2.0
Add new upstream MIME types
build: Node.js@17.3
Add new upstream MIME types
build: raw-body@2.4.2
build: eslint-plugin-import@2.25.4
Add new upstream MIME types
1.51.0
Mark image/vnd.ms-dds as compressible
build: eslint-plugin-import@2.25.2
build: support Node.js 17.x
build: Node.js@16.13
build: eslint-plugin-promise@5.1.1
build: mocha@9.1.3
Mark image/vnd.microsoft.icon as compressible
Add new upstream MIME types
build: update CI for npm TLS upgrade
build: Node.js@14.18
build: Node.js@16.10
Add new upstream MIME types
↗️ mime-types (indirect, 2.1.33 → 2.1.35) · Repo · Changelog
Release Notes
2.1.35
2.1.34
Commits
See the full diff on Github. The new version differs by 25 commits:
2.1.35
docs: update link to CI
build: fix run names in Github Actions
build: Node.js@17.7
build: mocha@9.2.2
deps: mime-db@1.52.0
build: Node.js@17.5
build: Node.js@16.14
build: mocha@9.2.0
build: Node.js@17.4
build: Node.js@14.19
build: eslint-plugin-import@2.25.4
build: mocha@9.1.4
build: Node.js@17.3
build: eslint-plugin-import@2.25.3
build: eslint-plugin-promise@5.2.0
2.1.34
build: eslint-plugin-import@2.25.2
deps: mime-db@1.51.0
docs: remove non-relevant entries from history
build: support Node.js 17.x
build: Node.js@16.13
build: eslint-plugin-promise@5.1.1
build: mocha@9.1.3
build: update CI for npm TLS upgrade
↗️ minimist (indirect, 1.2.5 → 1.2.8) · Repo · Changelog
Security Advisories 🚨
🚨 Prototype Pollution in minimist
Release Notes
1.2.8 (from changelog)
Commits
See the full diff on Github. The new version differs by 52 commits:
v1.2.8
Merge tag 'v0.2.3'
v0.2.3
[Fix] Fix long option followed by single dash (#17)
[Tests] Remove duplicate test (#12)
[eslint] fix indentation
[Dev Deps] add missing `npmignore` dev dep
[Dev Deps] update `@ljharb/eslint-config`, `aud`
[Fix] Fix long option followed by single dash
[actions] Avoid 0.6 tests due to build failures
[Dev Deps] update `tape`
[Fix] opt.string works with multiple aliases (#10)
[Fix] Fix handling of short option with non-trivial equals
[Dev Deps] update `@ljharb/eslint-config`, `aud`
[Tests] Remove duplicate test
[Fix] opt.string works with multiple aliases
[eslint] more cleanup
[eslint] fix indentation and whitespace
Merge tag 'v0.2.2'
v0.2.2
v1.2.7
[meta] add `auto-changelog`
[meta] add `auto-changelog`
[actions] add reusable workflows
[meta] add `safe-publish-latest`
[eslint] add eslint; rules to enable later are warnings
[Tests] add `aud` in `posttest`
[readme] rename and add badges
[actions] add reusable workflows
[meta] add `safe-publish-latest`
[eslint] add eslint; rules to enable later are warnings
[Tests] add `aud` in `posttest`
[readme] rename and add badges
[Dev Deps] switch from `covert` to `nyc`
[Dev Deps] switch from `covert` to `nyc`
[Dev Deps] update `covert`, `tape`; remove unnecessary `tap`
[Dev Deps] update `covert`, `tape`; remove unnecessary `tap`
[meta] create FUNDING.yml; add `funding` in package.json
[meta] use `npmignore` to autogenerate an npmignore file
[meta] create FUNDING.yml; add `funding` in package.json
[meta] use `npmignore` to autogenerate an npmignore file
[meta] update repo URLs
[meta] update repo URLs
Only apps should have lockfiles
Only apps should have lockfiles
1.2.6
security notice for additional prototype pollution issue
isConstructorOrProto adapted from PR
[eslint] more cleanup
[eslint] fix indentation and whitespace
isConstructorOrProto adapted from PR
test from prototype pollution PR
↗️ multer (indirect, 1.4.3 → 1.4.4-lts.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 10 commits:
version: 1.4.4-lts.1
history: 1.4.4-lts.1
fix(cve): bump busboy to fix CVE-2022-24434
version: 1.4.4
history: 1.4.4
Handle missing field names (#913)
Fix spelling misstakes in README-es.md
Merge pull request #803 from khacpv/master
Merge branch 'master' into master
Merge pull request #948 from Collabos/master
↗️ negotiator (indirect, 0.6.2 → 0.6.3) · Repo · Changelog
Release Notes
0.6.3 (from changelog)
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
🆕 @lukeed/csprng (added, 1.1.0)
🆕 uid (added, 2.0.2)
🗑️ aws-sdk (removed)
🗑️ jmespath (removed)
🗑️ xml2js (removed)
🗑️ xmlbuilder (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.