nodeclub
nodeclub copied to clipboard

Published 20 hours ago •

Reame
Issues

[Snyk] Fix for 2 vulnerabilities

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: loader-builder

The new version differs by 22 commits.

3d38e6a Bump 2.7.0
89f261c upgrade dependencies
66f9228 Merge pull request #15 from sinchang-bot/patch
17f2944 Merge pull request #16 from sinchang-bot/patch-2
6cf0785 Update travis list
35707af Make the badge clear
e147812 Bump 2.6.1
f7a23cb Use fs.writeFileSync instead of
5163009 fix test cases
59cbff2 Bump 2.6.0
317bc68 Improve uglify to support ES syntax
3299f52 fix test cases
a38802b Update travis list
c8bc250 update document
1855604 Bump 2.5.0
f413131 improve documentation
e34f168 增加--no-debug的说明
382a7b5 Merge pull request #12 from JacksonTian/nodebug
28a410f fix test case for new babel transform
b524b47 update traivis config
f910c32 refine make file
282b60d Add --no-debug switch

See the full diff

Package name: passport

The new version differs by 160 commits.

c33067b 0.6.0
3052bb4 Update changelog.
42630cb Merge pull request #900 from jaredhanson/fix-fixation
8dd79fe Use utils-merge rather than Object.assign for compatibility.
4f6bd5b Change keepSessionData to keepSessionData.
46756e5 Silence verbose logging.
987b191 Add tests.
f8a175f Add tests.
29a90d6 No need to guard callback existence.
bfba8a1 Add tests.
17111d7 Add option to keep session data on logout.
a349c2b Add option to keep session data.
e69834e Add optional options to login and logout.
8825a9a Add tests.
c1991cf Add tests.
294f22c Better session detection and exceptions.
80cc4e3 Add tests.
3001654 Add tests.
b395106 Clean up tests.
cfa8259 Add tests.
ee0bf81 Add tests.
cc7606c Add tests.
71c54f6 Add test.
88c1f1b Handle logout without session manager.

See the full diff

Package name: request

The new version differs by 58 commits.

02fc5b1 Update changelog
de1ed5a 2.87.0
a6741d4 Replace hawk dependency with a local implemenation (#2943)
a7f0a36 2.86.1
8f2fd4d Update changelog
386c7d8 2.86.0
76a6e5b Merge pull request #2885 from ChALkeR/patch-1
db76838 Merge branch 'patch-1' of github.com:ChALkeR/request
fb7aeb3 Merge pull request #2942 from simov/fix-tests
e47ce95 Add Node v10 build target explicitly
0c5db42 Skip status code 105 on Node > v10
d555bd7 Generate server certificates for Node > v10
81f8cb5 Remove redundant code
db17497 Use Buffer.from and Buffer.alloc in tests
0d29635 Merge pull request #2923 from gareth-robinson/cifixes
3745cec Correction for Windows OS identification
219a298 Alterations for failing CI tests
bbb3a0b 2.85.1
21ef363 Update changelog
5dad86e 2.85.0
5ba8eb4 Revert "Update hawk to 7.0.7 (#2880)"
b191514 2.84.1
d77c839 Update changelog
4b46a13 2.84.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Jul 02 '22 03:07 snyk-bot