vandium-node
[Snyk] Fix for 2 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3 | Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060 | No | No Known Exploit |
| | 701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3 | Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694 | No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: cookie
The new version differs by 156 commits.
- ab057d6 0.7.0
- 5f02ca8 Migrate history to GitHub releases
- a5d591c Migrate history to GitHub releases
- 51968f9 Skip isNaN
- 9e7ca51 perf(parse): cache length, return early (#144)
- d6f39b0 Fix tests for old node
- 6bb701f Remove failing scorecard
- ca70da4 test(serialize): additional tests for name, domain and path RFC validations (#171)
- 47917c9 Iterate whitespace for perf (#170)
- 927d48a Add `main` to `package.json` (#166)
- c679ccc Fix CI
- e100428 fix: narrow the validation of cookies to match RFC6265 (#167)
- 26031e3 docs: fix typo in function description (#161)
- 2294a8f ci: add scorecard pipeline (#158)
- 38323ba 0.6.0
- 7560154 build: [email protected]
- c45b52d docs: switch badges to badgen
- 84a1567 Add partitioned option
- c67a478 docs: fix typos in HISTORY
- 52a76c1 docs: fix typo in HISTORY
- 5f22857 Fix typo in JSDoc
- da7e44e build: [email protected]
- 936036a build: [email protected]
- 197f670 build: [email protected]
Package name: jwk-to-pem
The new version differs by 11 commits.
- da44c23 v2.0.6
- 0ff4f92 deps: [email protected] (#189)
- 581f70f build: gha (#190)
- 1e0c369 Fixes typo (#135)
- 89d44ee v2.0.5
- a045457 deps: elliptic@^6.5.4 (#84)
- a871ea0 v2.0.4
- 080e08a deps: elliptic@^6.5.3 (#48)
- 4434c6b Fix dependabot.yml more (#40)
- c1a4f68 Fix dependabot.yml (#39)
- e9b7063 Add dependabot config
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons: