[Snyk] Security upgrade amqplib from 0.5.6 to 0.7.1

Open kongnet opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • demo/6-sql-test/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Improper Input Validation (SNYK-JS-URLPARSE-1078283) | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: amqplib

The new version differs by 20 commits.
  • 32aa202 Merge pull request #609 from squaremo/release-0.7.1
  • 0f5fc24 Bump version and changelog for v0.7.1
  • f729616 Merge pull request #607 from ThomasGawlitza/updateDeps2
  • 3de36fa update uglify-js from 2.6.x to 2.8.x
  • 20ead0d update bluebird from 3.5.2 to 3.7.3
  • 8763e30 update safe-buffer from 5.1.2 to 5.2.1
  • 630b06f using latest npm
  • 3f30ab2 update url-parse from ~1.4.3 to ~1.5.1
  • d84bf6d Include Node.js v14, v15 in CI
  • 99a854f Bump package version to 0.7.0
  • 19fb6cb Merge pull request #605 from squaremo/allow-node-15
  • 836cbc9 Fix use of stream.write(data, encoding) in tests
  • 28cd533 Bump NPM packages and Node version allowed
  • e3e1016 Bump package version number to 0.6.0
  • b13e98f Merge pull request #579 from squaremo/update-node-versions
  • 21b3f92 Update README and Makefile with supported Node
  • db6e6fa Merge pull request #570 from fretlink/allow-newer-node
  • 5ae49c0 Update changelog with v0.5.6
  • 1b11f0c Run travis tests on Node 12, 13 and 14
  • 1dc9470 Allow NodeJS engines up to version 14

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

kongnet, Mar 09 '21 04:03