accessibility-cloud icon indicating copy to clipboard operation
accessibility-cloud copied to clipboard
verified publisher icon sozialhelden

[Snyk] Security upgrade meteor-node-stubs from 0.2.11 to 1.2.8

Open opyh opened this issue 1 year ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • app/package.json
    • app/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 828/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7		 Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-8187303		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: meteor-node-stubs The new version differs by 250 commits.
  • 849ff8a bump beta version to beta.7 in migration guide
  • c0dd2ab Merge pull request #13045 from meteor/feature/mongo-minPoolSize-oplog
  • 03a9d44 publish mongo 1.16.8
  • 1a7e08a Merge branch 'devel' into feature/mongo-minPoolSize-oplog
  • f697f33 add missing BR
  • e8596c0 Updated node and npm version to match beta.6
  • fd3ec08 Blaze reference update
  • 726e366 Set minPoolSize for oplog
  • a754fcc docs: updating beta reference to .6
  • 7c75017 Merge pull request #13002 from meteor/fix/underscore-1.6
  • 592e185 Merge branch 'devel' into fix/underscore-1.6
  • feddb54 Updating the FAQ for 3.0 migration
  • 2ad99fd update beta.0 references
  • c43a268 Merge pull request #13012 from meteor/feature/deprecated-readme-links
  • 5543258 Update readme links on deprecated packages
  • 3484f95 Merge branch 'devel' into fix/underscore-1.6
  • c26569d added 2.15 link to guide
  • 2b8ecb9 Merge branch 'devel' into fix/underscore-1.6
  • 07707d3 Update README.md
  • 74fbc2d Quick fix in underscore 1.6 for #13001
  • 7411b3c add version 2.15 to docs config
  • 5bf83f0 Merge pull request #12983 from meteor/release-2.14.1
  • e103700 Update Meteor npm installer
  • ff3d9cc Meteor version to 2.15 :comet:

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

opyh avatar Oct 19 '24 00:10 opyh