egg-boilerplate-d-ts

[Snyk] Security upgrade egg from 2.37.0 to 3.10.0

Open whxaxes opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| low severity | 461/1000. Why? Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: egg
The new version differs by 60 commits.
  • df1148f Release 3.10.0
  • 7b8edbf feat: use egg-core@5 (#5111)
  • 4b8de60 docs: correct word (#4965)
  • 98e9db0 test: add missing deps for unittest (#5110)
  • 73c96fd Release 3.9.2
  • 713a081 fix: currentContext typo (#5107)
  • af78b29 Release 3.9.1
  • 237306c test: no lock file (#5105)
  • fb21c9f Release 3.9.1
  • 6dc86f5 test: use artusjs/github-actions to run CI (#5103)
  • 13bbe6c fix: Enable auto npm release workflow (#5102)
  • 2c4eb9c 🐛 FIX: Should import types from urllib-next root path (#5101)
  • 53ada86 Release 3.9.0 (#5100)
  • af12069 chore: update workflow for gh-pages (#5098)
  • 344139e 🐛 FIX: Typo on HttpClient request (#5097)
  • 1021faf 👌 IMPROVE: Keep more compatible d.ts on httpclient request (#5092)
  • 9d6acfd 📦 NEW: Run async function in the anonymous context scope (#5094)
  • 5128bb9 Release 3.8.0 (#5089)
  • 75d025b 👌 IMPROVE: Upgrade egg-schedule to v4 (#5088)
  • 3d2ce91 Release 3.7.0 (#5086)
  • e94c7df 📦 NEW: Upgrade egg-logger v3 to enable localStorage (#5085)
  • c76e16c 📖 DOC: Use @eggjs/tsconfig for tsconfig.json (#5066)
  • 9a83bbe chore: Change version to 3.6.0
  • 51c78c0 Release 3.6.0 (#5081)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


whxaxes, Jan 10 '23 07:01