code-push-server

[Snyk] Fix for 1 vulnerabilities

Open lisong opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| low severity | 461/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: extract-zip The new version differs by 20 commits.
  • eb3c1ed 2.0.0
  • 27f3f85 feat: add TypeScript definition (#92)
  • ef3995d build: lint ava tests (#91)
  • e8dae76 docs: add troubleshooting docs
  • af00186 refactor: replace callback-style API with Promise-style API (#90)
  • 7993cb8 feat: require Node 10.12 (#89)
  • 79e0910 doc: clarify that required parameters are paths (#56)
  • cc72c88 build: use package.json files instead of .npmignore
  • c2b1c17 1.7.0
  • 990fc64 Add error handler to zipfile object (#67)
  • 8285111 feat: don't pin dependency requirements (#88)
  • 2a8df24 1.6.8
  • 30ab06c build(deps): upgrade mkdirp to 0.5.4 for security
  • 2b2a84e build: ignore lock files
  • 422a39f 1.6.7
  • 1cd5ceb Merge pull request #72 from maxogden/upgrade-concat-stream
  • 4514f66 Travis: test Node 8 & 10 as well
  • 3aeb1b1 Upgrade concat-stream to 1.6.2
  • c1aa196 Merge pull request #66 from tcoopman/patch-1
  • 0e5693f use mkdirp 0.5.1

See the full diff

Package name: sequelize The new version differs by 250 commits.
  • 0a9b8a6 5.1.0
  • 6d84ced docs: fix styling issue with long comments
  • cf5aeea chore: v5 release (#10544)
  • 1275de0 docs: remove extra entries
  • d6d9d81 5.0.0-beta.17
  • bc6c133 docs: v5.0.0-beta.17
  • 4478d74 chore: strict linting for code and jsdocs (#10535)
  • f862e6b fix(util): improve performance of classToInvokable (#10534)
  • a26193a chore: enforce stricter linting (#10532)
  • 786b19b fix(build): default null for multiple primary keys
  • ae7d4b9 feat: expose Sequelize.BaseError
  • e03a537 fix(tests): missing clock instance
  • d7241f7 fix(tests): path for instance tests
  • 69b85c3 refactor: instance tests
  • 0c68590 feat(sqlite/query-generator): support restart identity for truncate-table (#10522)
  • 3cd3891 refactor(data-types): move to classes (#10495)
  • 1b4a7bf fix(association): use minimal select for hasAssociation (#10529)
  • 7ccbb1e fix(query-interface): reject with error for describeTable (#10528)
  • 454cf48 fix(model): throw for invalid include type (#10527)
  • 0b5aa71 fix(types): allow specifying additional options for db.query and add missing retry (#10512)
  • 45648dd docs(legacy): fix N:M example (#10509)
  • 10c34e3 fix(query): don't prepare options & sql for every retry (#10498)
  • e5c0d78 feat: upgrade to [email protected] (#10494)
  • e0fe772 build: update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


lisong, Jan 11 '23 02:01