code-push-server
[Snyk] Fix for 2 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 591/1000 Why? Recently disclosed, Has a fix available, CVSS 6.1 | Open Redirect SNYK-JS-EXPRESS-6474509 | No | No Known Exploit |
| | 768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Infinite loop SNYK-JS-MARKDOWNIT-6483324 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express
The new version differs by 250 commits.
- b28db2c 4.19.2
- 0b74695 Improved fix for open redirect allow list bypass
- 4f0f6cc 4.19.1
- a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
- a1fa90f fixed un-edited version in history.md for 4.19.0
- 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
- 084e365 4.19.0
- 0867302 Prevent open redirect allow list bypass due to encodeurl
- 567c9c6 Add note on how to update docs for new release (#5541)
- 69a4cf2 deps: [email protected]
- 4ee853e docs: loosen TC activity rules
- 414854b docs: nominating @ wesleytodd to be project captian
- 06c6b88 docs: update release date
- 1b51eda 4.18.3
- b625132 build: pin Node 21.x to minor
- e3eca80 build: pin Node 21.x to minor
- 23b44b3 build: support Node.js 21.6.2
- b9fea12 build: support Node.js 21.x in appveyor
- c259c34 build: support Node.js 21.x
- fdeb1d3 build: support Node.js 20.x in appveyor
- 734b281 build: support Node.js 20.x
- 0e3ab6e examples: improve view count in cookie-sessions
- 59af63a build: [email protected]
- e720c5a docs: add documentation for benchmarks
Package name: markdown-it
The new version differs by 200 commits.
- e476f78 13.0.2 released
- dfd485b Dist rebuild
- 80a3adc Fix crash in linkify inline rule on malformed input
- 49ca65b Sync pathological tests with cmark
- 2b6cac2 Sync pathological tests with cmark
- 08444a5 Fix typo; minor copy-edits (#879)
- 940459e fix: remove outdated comments (#891)
- 1529ff4 Guard against custom rule not incrementing pos
- 6325878 Multiple refactors
- 9ff460e Drop a lot of extra code from blockquotes
- e843acc Merge branch 'master' of github.com:markdown-it/markdown-it
- bda7182 13.0.1 released
- b8b610f Dist rebuild
- d17df13 Bump linkify-it to 4.0.1
- 0c19c37 Merge pull request #866 from yne/patch-1
- e157cd2 doc: Add syntax highlighting
- 6ec0b76 13.0.0 released
- 0e4c0f4 Dist rebuild
- d1757ed Bump linkify-it to v4
- bab0baf Added examples on how to add and modify rules (#619)
- e6d1bfd refactor: replace deprecated String.prototype.substr()
- f523514 Remove (p) => § replacement in typographer
- 3fc0deb Put entities to separate token
- 6b58ec4 Add linkifier rule to inline chain for full links
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic