shopify-node-react-app icon indicating copy to clipboard operation
shopify-node-react-app copied to clipboard

Published 20 hours ago verified publisher icon jaayperez

[Snyk] Security upgrade koa-router from 8.0.8 to 11.0.2

Open jaayperez opened this issue 6 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: koa-router The new version differs by 50 commits.
  • 8fe1d54 11.0.1
  • d2ad849 feat: allow set router host match (#156)
  • 54a3198 11.0.0
  • fdf7117 chore: drop node 12 from tests
  • d0c6d8b feat: require node >= 12, modernize, bump deps
  • 68253f6 fix(lib/test/doc): fix jsdoc and typo (#146)
  • c6a8fc8 feat: add `exclusive` option (#129)
  • 3454a7d doc: add comma for better understanding (#145)
  • 13a634d Support symbols as route names (#143)
  • 6ba3efa feat(deps): update minimal version from 8 -> 12 (#152)
  • 6db0e68 feat(default-params): replace || cond with default params (#153)
  • 6aca720 Improve path checking before route registration (#155)
  • 4fb50ac improve doc for prefix method. (#151)
  • 65414f4 * update deps (#150)
  • 1aead99 doc: add header to refer to api reference. (#112)
  • 05fe8dd Include type installation instructions in README (#134)
  • 5cec6fb Replace user with ctx.user in param docs (#136)
  • 90dd73c 10.1.1
  • 904db98 Correct @ hapi/boom usage example (#128)
  • fa48560 10.1.0
  • e9fa04b Fix additional entry inejcted to params (#124)
  • 344ba0b 10.0.0
  • 89b7c02 Allow router.redirect() to accept external destinations (#110)
  • 56735f0 v9.4.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

jaayperez avatar Dec 20 '23 19:12 jaayperez