[Snyk] Fix for 2 vulnerabilities

Open eces opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	No	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 35 commits.

8790b8e chore(release): v1.6.4 (#6173)
0ad520d chore(ci): fix notify action; (#6172)
3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
90864b3 docs: update logos
1542719 docs: updated headline sponsors
b15b918 chore(release): v1.6.3 (#6151)
b76cce0 chore(ci): added branches filter for notify action; (#6084)
5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
8befb86 docs: update alloy link (#6145)
d18f40d docs: add headline sponsors
b3be365 chore(release): v1.6.2 (#6082)
8739acb chore(ci): removed redundant release action; (#6081)
bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
a2b0fb3 chore(docs): update README.md (#6048)
b12a608 chore(ci): removed paths-ignore filter; (#6080)
0c9d886 chore(ci): reworked ignoring files logic; (#6079)
30873ee chore(ci): add paths-ignore config to testing action; (#6078)
cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
7009715 chore(ci): fixed release notification action; (#6064)
7144f10 chore(ci): fixed release notification action; (#6063)
f6d2cf9 chore(ci): fix publish action content permission; (#6061)
a22f4b9 chore(release): v1.6.1 (#6060)
cb8bb2b chore(ci): Publish to NPM with provenance (#5835)

Package name: typeorm

The new version differs by 250 commits.

b6ef306 updated glob version
b5d2599 build(deps-dev): bump the npm_and_yarn group group with 1 update (#10591)
080528b fix: resolve circular dependency when using Vite (#10273)
338df16 feat: add support for table comment in MySQL (#10017)
15bc887 build: update CircleCI config & repair failing tests (#10590)
b5ec088 docs: update Chinese faq.md (#10593)
a00b1df feat: implement OR operator (#10086)
dd59524 fix: prevent using absolute table path in migrations unless required (#10123)
4329996 docs: update Soft-Delete, Restore-Soft-Delete examples (#10585)
7ecc8f3 docs: updated id to _id (#10584)
8b4df5b fix: added fail callback while opening the database in Cordova (#10566)
173910e fix: should automatically cache if alwaysEnable (#10137)
73ee70b fix: correctly keep query.data from ormOption for commit / rollback subscribers (#10151)
e67d704 feat: nullable embedded entities (#10289)
5c28154 feat: BeforeQuery and AfterQuery events (#10234)
0f11739 docs: fix typos (#10243)
b188c1e chore: initial setup of ESLint (#10203)
25e6ecd fix: nested transactions issues (#10210)
3cda7ec feat: add isolated where statements (#10213)
149226d fix: backport postgres connection error handling to crdb (#10177)
122b683 fix: mssql datasource testonborrow not affecting anything (#10589)
dc1bfed fix: resolve issues on upsert (#10588)
a939654 fix: remove dynamic require calls (#10196)
f6b87e3 perf: improve SapQueryRunner performance (#10198)

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Jan 05 '24 17:01 eces