inkscraper icon indicating copy to clipboard operation
inkscraper copied to clipboard

Published 20 hours ago verified publisher icon AdhityaRamadhanus

[Snyk] Fix for 1 vulnerabilities

Open snyk-bot opened this issue 5 years ago • 0 comments
trafficstars

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Deserialization of Untrusted Data
SNYK-JS-BSON-561052		 Yes No Known Exploit
Commit messages
Package name: agenda The new version differs by 110 commits.
  • 61c5343 2.0.0
  • 41da727 Update changelog for v2.0.0
  • 4417cce Update yarn lockfile (#654)
  • 24dbb49 Merge pull request #616 from agenda/update/mongo-v3
  • b811523 fix(database): use db() syntax rather than pulling dbName from client
  • fd077d1 feat(database): upgrade mongodb -> 3.1
  • 3af71e1 Update dependency sinon to v4.5.0 (#636)
  • f0d0615 Update dependency mocha to v4.1.0 (#634)
  • c255d09 Update dependency coveralls to v3.0.1 (#630)
  • e23c2cd Refactor tests little bit with promises
  • 56658de Remove comments refrencing deprecated findAndModify
  • 1462e3f Readme: es6ify examples
  • 486b24c Pin dependencies (#622)
  • a20dfc8 Pin dependencies (#620)
  • 1d5d7de Configure Renovate (#613)
  • c398fe6 Fix typos and mistakes in docs (#614)
  • c1281c4 Update native mongodb driver to v3
  • 18dd9be Tests: test `lastRunAt` not `nextRunAt` for FIFO tests
  • fabf722 Add Azure cosmosDB issue to FAQ
  • 7bf1e9f ci(travis): run `npm test` so travis runs lint (#607)
  • 7c41ffa Docs: fix too large image
  • 36f8d85 Update History.md with details about Promises
  • b9ecca9 Promise rewrite (#557)
  • 0a82921 Update README.md to have correct priority mapping

See the full diff

Package name: agendash The new version differs by 37 commits.
  • 8d77657 Version bump 1.0.0
  • 3c10e89 Support agenda 2 (#95)
  • 873b11a Add Hapi v17 middleware, drop support for Node.js 6 & 7 (#81)
  • 3317f6c Add entrypoint to change mongodb uri and collection from env (#76)
  • ac7a023 feat(docker): add entrypoint to change db and collection from env
  • b7b8ac3 add console log to startup
  • 0d2d9b0 Correct node version drop in changelog
  • 70a0b14 Prepare changelog for the next version
  • 828e9e4 remove support for old agenda and node versions
  • 7ff0897 Replace mocha with ava (#70)
  • e642fdb Docker support (#54)
  • f487b70 Merge pull request #69 from agenda/update-deps
  • cf5760f fix hanging tests
  • 26a7c59 fix package.json indent
  • f00ebbb Merge branch 'master' into update-deps
  • b0a3bd4 Merge pull request #56 from agenda/add-xo
  • dbeebce Merge branch 'master' into add-xo
  • 9caab67 Fix actually using that const
  • 4fe5f02 Add snyk badge
  • c99f904 Merge branch 'master' into add-xo
  • 72e8b42 Drop older versions of Agenda from tests
  • 78f6318 Update meta files related to deps update
  • 84b1477 Update dependencies
  • 7b84319 Add Slack badge to readme

See the full diff

Package name: mongoose The new version differs by 250 commits.
  • 76fae6d chore: release 5.3.9
  • 40d4177 Merge pull request #7213 from NewEraCracker/master
  • 751397c fix(document): run setter only once when doing `.set()` underneath a single nested subdoc
  • 10837d4 test(document): repro #7196
  • 10a63a9 Bump version of bson dependency to match mongodb-core
  • d10274e docs(transactions): add example of aborting a transaction
  • d245847 Merge branch 'master' of github.com:Automattic/mongoose
  • 551a75b chore: add cpc to some pages that were missing it
  • 1ca3514 Merge pull request #7210 from gfranco93/patch-1
  • c1606b6 Merge pull request #7207 from lineus/fix-7098
  • e9d538e Merge pull request #7203 from lineus/fix-7202
  • 8f16b67 fix(document): surface errors in subdoc pre validate
  • 87005a1 test(document): repro #7187
  • 5b1d81c Documentation fix: fixed anchor link
  • eebfb36 docs(query): add note re: cursor()
  • c1e2617 docs(query): improve find() docs re: #7188
  • 526f82d fix(query): run default functions after hydrating the loaded document
  • 320d5f8 test(query): repro #7182
  • 64c6d15 if our update schema path is a nested array do not skip query casting.
  • 5d122e8 test for #7098
  • 5ba13a7 refactor(test): move strictQuery tests to query.test.js since they do not use findOneAndUpdate()
  • 4121629 chore: refer to correct issue #7178
  • 22ed5d2 fix(query): handle strictQuery: 'throw' with nested path correctly
  • 8c16354 test(query): repro #7152

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Mar 28 '20 04:03 snyk-bot