giuseppealbrizio
[Snyk] Fix for 1 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
496/1000 Why? Recently disclosed, Has a fix available, CVSS 4.2 |
Information Exposure SNYK-JS-MONGODB-5871303 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mongodb
The new version differs by 15 commits.- 43673fa chore(5.x): release 5.8.0 [skip-ci] (#3825)
- 4b2fc79 docs: fix cutoff sentence on CommandStartedEvent (#3828)
- 39ff81d feat(NODE-5465,NODE-5538): lower `@ aws-sdk/credential-providers` version to 3.188.0 and `zstd` to `^1.0.0` (#3821)
- e1af343 chore: update release automation scripts 5.x (#3823)
- c0d3927 feat(NODE-5399): use mongodb-js/saslprep instead of saslprep (#3818)
- 4cf1e96 fix(NODE-5537): remove credentials from ConnectionPoolCreatedEvent options (#3813)
- e81d4a2 fix(NODE-5495): do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810)
- c3b35b3 fix(NODE-5489): set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803)
- cc3069d Revert "feat(NODE-5489): update kerberos dependency"
- 8c25d6d feat(NODE-5489): update kerberos dependency
- 9bb0d95 feat(NODE-5429): deprecate the `AutoEncrypter` interface (#3764)
- cd923c8 chore(NODE-5426): move FLE code into driver (#3761)
- 77a2709 refactor(NODE-5360): refactor CommandOperation to use async (#3749)
- eb99291 ci(NODE-4615): bump flaky operation count tests threshold (#3753)
- 8649221 docs(5.7.0) (#3758)
Package name: mongoose
The new version differs by 250 commits.- 20162c6 chore: release 7.5.0
- 1cd9384 Merge pull request #13796 from Automattic/7.5
- 419c64d docs: add comment about top-level dollar keys re: #13796 code review comments
- a92e8e8 Merge branch 'master' into 7.5
- d9a4bc4 Merge pull request #13793 from Automattic/vkarpov15/gh-13774
- 29de9c4 Merge pull request #13786 from Automattic/vkarpov15/handle-top-level-dollar-keys
- 84e79b9 Merge pull request #13787 from Automattic/vkarpov15/gh-13780
- a9db5ea types: handle Schema.Types.BigInt in schema definition re: #13780
- 90fc4d2 Merge pull request #13792 from mreouven/patch-1
- 41e63bd fix(document): avoid double-calling array getters when using `.get('arr.0')`
- c1d5b76 Merge pull request #13774 from Automattic/vkarpov15/gh-13748
- 0d956ce test: fix tests
- f44e169 Update pipelinestage.d.ts
- 9f1c24c Update pipelinestage.d.ts
- 7ec92a7 types(schematypes): add missing BigInt SchemaType
- fe7f80b test: add tests
- 40146c8 feat: allow top level dollar keys with findOneAndUpdate(), update()
- fafa5d5 Merge branch 'master' into 7.5
- e36fc48 docs: fix link
- 65245a4 style: fix lint
- 069651e Merge branch 'master' into 7.5
- 6eeb875 Merge branch 'master' into vkarpov15/gh-13748
- e12ae3f chore: release 7.4.5
- 13c2ad0 fix(model): fix merge issue
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
👩💻 Set who automatically gets assigned
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
