Feathers-Vue icon indicating copy to clipboard operation
Feathers-Vue copied to clipboard

Published 20 hours ago verified publisher icon codingfriend1

[Snyk] Security upgrade feathers-authentication-management from 0.4.2 to 3.0.1

Open snyk-bot opened this issue 5 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-AJV-584908		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: feathers-authentication-management The new version differs by 136 commits.
  • 3700ad0 3.0.1
  • 8ab729f revert version in package-lock.json.
  • 9ddddcf reset version.
  • 2285ce4 3.0.1
  • 7ecefc6 Merge pull request #155 from feathersjs-ecosystem/notifierOptions
  • c81b27d Add test coverage for notifierOptions.
  • 247f8ab Added coverage for verify-signup-long.test.js -> updates verifies valid token... {} to { transport: 'sms' }
  • 396dfb0 fix unit test issue in identity-change.test.js -> updates verified user... {} to 'password'
  • a89ee3c Pass notifierOptions every were that notifier is called.
  • 4650962 Merge pull request #154 from bwgjoseph/pr/upgrade-feathers-hooks-common
  • 61d2c02 chore: bump feathers-hooks-common from 4.20.7 to 5.0.3
  • 13d419d Fixed https://github.com/feathers-plus/feathers-authentication-management/issues/151
  • 8ca9e93 Merge pull request #148 from Barbapapazes/master
  • 6f06493 fix lint issue in docs
  • e5d03e5 fix issue after save
  • eed7a97 add more informations to docs
  • 1339aa7 add documentations
  • aed51a7 add support of swagger docs
  • 9940c28 Merge pull request #147 from feathers-plus/dependabot/npm_and_yarn/lodash-4.17.19
  • c07ec65 Bump lodash from 4.17.15 to 4.17.19
  • 1477615 Update README.md
  • 600302d Updating changelog
  • f6c3557 3.0.0
  • f7ba07a Updated npmignore

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Oct 13 '20 00:10 snyk-bot