
[Snyk] Upgrade: adm-zip, ms, cfenv, consolidate, dustjs-helpers, errorhandler, express-session, hbs, jquery, marked, mongoose, stream-buffers, typeorm, validator #4

Status: Open. Wants to merge 1 commit into base: main
Conversation

SebAllouche (Owner)

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name | Versions | Released on
adm-zip | from 0.5.2 to 0.5.16 (14 versions ahead of your current version) | 22 days ago, on 2024-08-30
ms | from 2.0.0 to 2.1.3 (4 versions ahead of your current version) | 4 years ago, on 2020-12-08
cfenv | from 1.2.2 to 1.2.4 (2 versions ahead of your current version) | 3 years ago, on 2021-04-07
consolidate | from 0.14.5 to 0.16.0 (3 versions ahead of your current version) | 4 years ago, on 2020-09-08
dustjs-helpers | from 1.5.0 to 1.7.4 (9 versions ahead of your current version) | 7 years ago, on 2017-12-09
errorhandler | from 1.5.0 to 1.5.1 (1 version ahead of your current version) | 5 years ago, on 2019-05-09
express-session | from 1.17.2 to 1.18.0 (2 versions ahead of your current version) | 8 months ago, on 2024-01-28
hbs | from 4.1.2 to 4.2.0 (1 version ahead of your current version) | 3 years ago, on 2021-11-17
jquery | from 3.5.0 to 3.7.1 (8 versions ahead of your current version) | a year ago, on 2023-08-28
marked | from 4.0.10 to 4.3.0 (25 versions ahead of your current version) | a year ago, on 2023-03-22
mongoose | from 5.13.20 to 5.13.22 (2 versions ahead of your current version) | 9 months ago, on 2024-01-02
stream-buffers | from 3.0.2 to 3.0.3 (1 version ahead of your current version) | 3 months ago, on 2024-06-17
typeorm | from 0.3.18 to 0.3.20 (17 versions ahead of your current version) | 8 months ago, on 2024-01-26
validator | from 13.7.0 to 13.12.0 (3 versions ahead of your current version) | 4 months ago, on 2024-05-09

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
medium severity Arbitrary Code Injection, SNYK-JS-UNDERSCORE-1080984 | 382 | Proof of Concept
Release notes
Package name: adm-zip from adm-zip GitHub release notes
Package name: ms
  • 2.1.3 - 2020-12-08

    Patches

    • Rename zeit to vercel: #151
    • Bump eslint from 4.12.1 to 4.18.2: #122
    • Add prettier as a dev dependency: #135 #153
    • Use GitHub Actions CI: #154

    Credits

    Huge thanks to @getsnoopy for helping!

  • 2.1.2 - 2019-06-06

    Patches

    • Fixed negative decimals less than -10 don't work: #111
    • Support error in case of Infinity: #116
    • Update regexp for 10-.5 is invalid input: #117
    • Update chat badge: #119

    Credits

    Huge thanks to @yuler and @7ma7X for helping!

  • 2.1.1 - 2017-11-30

    Patches

    • Add full support for negative numbers: #104

    Credits

    Huge thanks to @thevtm for helping!

  • 2.1.0 - 2017-11-30

    Minor Changes

    • Add "week" / "w" support: a2caead
    • Fixed match regex to support negative numbers: #96

    Patches

    • Applied a few text improvements: 15dc8c5
    • Fixed spelling of “millisecond” in description: #95
    • Lockfile added: 2425ebd

    Credits

    Huge thanks to @yoavmmn and @binki for helping!

  • 2.0.0 - 2017-05-16

    Major Changes

    • Limit str to 100 to avoid ReDoS of 0.3s: #89

    Patches

    • Ignored logs coming from npm: b1eaab7
    • Bumped dependencies to the latest version: bcf5715
    • Invalidated cache for slack badge: 94b995c

    Credits

    Huge thanks to @karenyavine for their help!

from ms GitHub release notes
Package name: cfenv from cfenv GitHub release notes
Package name: consolidate
  • 0.16.0 - 2020-09-08
  • 0.15.1 - 2018-03-20
  • 0.15.0 - 2017-11-01
  • 0.14.5 - 2016-11-17
from consolidate GitHub release notes
Package name: dustjs-helpers
  • 1.7.4 - 2017-12-09

    Version 1.7.4

  • 1.7.3 - 2015-07-28

    Version 1.7.3

  • 1.7.2 - 2015-07-08

    Version 1.7.2

  • 1.7.1 - 2015-04-29

    Version 1.7.1

  • 1.7.0 - 2015-04-18

    Notable Changes

    {@select}

    New behavior:

    • key is no longer required. If it is not provided, key must be present on individual truth tests inside the select block.
    • type can be attached to the select to apply it to all truth tests inside (and a truth test can override the type)
    • If a provided key is undefined and a type is provided, the undefined value will be cast to type.

    {@default}

    {@default} has been removed after being deprecated in 1.6.

    You can replace {@default} with {@none} in your templates without any change in functionality (but you can have more than one {@none} block, and only one {@default} was allowed).

    {@size}

    {@size} will evaluate Dust template strings and provide the size of the result.

    Your name has {@size key="{name}" /} letters.

    {@math}

    {@any} and {@none} now work inside {@math} blocks.

  • 1.6.3 - 2015-04-13

    Notable Changes

    • Fixes truth tests that were used with a context created from dust.makeBase in Dust <= 2.6.2 (most commonly seen if you use Adaro)
  • 1.6.2 - 2015-03-27

    Notable Changes

  • 1.6.1 - 2015-03-11

    Version 1.6.1

  • 1.6.0 - 2015-03-05

    The helpers can now be included as an AMD module alongside Dust 2.6.0 or newer.

    New helpers:

    • {@any}, which executes if any truth test in a {@select} block passes.
    • {@none}, the opposite
    • {@first}, executes on the first iteration of a loop
    • {@last}... you get the idea

    Removed helpers: https://github.com/linkedin/dustjs-helpers/wiki/Deprecated-Features

    • {@if} (use other truth test helpers or context helpers instead)
    • {@idx} (use {$idx}, a Dust core built-in, instead)
  • 1.5.0 - 2014-11-20
from dustjs-helpers GitHub release notes
Package name: errorhandler
  • 1.5.1 - 2019-05-09
    • deps: accepts@~1.3.7
      • deps: mime-types@~2.1.24
      • deps: negotiator@0.6.2
  • 1.5.0 - 2016-11-16
    • Pretty print JSON error response
    • deps: accepts@~1.3.3
      • deps: mime-types@~2.1.11
      • deps: negotiator@0.6.1
    • perf: front-load HTML template and stylesheet at middleware construction
    • perf: only load template and stylesheet once
    • perf: resolve file paths at start up
from errorhandler GitHub release notes
Package name: express-session
  • 1.18.0 - 2024-01-28
    • Add debug log for pathname mismatch
    • Add partitioned to cookie options
    • Add priority to cookie options
    • Fix handling errors from setting cookie
    • Support any type in secret that crypto.createHmac supports
    • deps: cookie@0.6.0
      • Fix expires option to reject invalid dates
      • perf: improve default decode speed
      • perf: remove slow string split in parse
    • deps: cookie-signature@1.0.7
  • 1.17.3 - 2022-05-11
    • Fix resaving already-saved new session at end of request
    • deps: cookie@0.4.2
  • 1.17.2 - 2021-05-19
    • Fix res.end patch to always commit headers
    • deps: cookie@0.4.1
    • deps: safe-buffer@5.2.1
from express-session GitHub release notes
Package name: hbs from hbs GitHub release notes
Package name: jquery from jquery GitHub release notes
Package name: marked
  • 4.3.0 - 2023-03-22

    4.3.0 (2023-03-22)

    Bug Fixes

    Features

  • 4.2.12 - 2023-01-14

    4.2.12 (2023-01-14)

    Sorry for all of the quick releases. We were testing out different ways to build the files for releases. v4.2.5 - v4.2.12 have no changes to how marked works. The only addition is the version number in the comment in the build files.

    Bug Fixes

    • revert to build script in ci (d2ab474)
  • 4.2.11 - 2023-01-14

    4.2.11 (2023-01-14)

    Bug Fixes

  • 4.2.10 - 2023-01-14

    4.2.10 (2023-01-14)

    Bug Fixes

  • 4.2.9 - 2023-01-14

    4.2.9 (2023-01-14)

    Bug Fixes

  • 4.2.8 - 2023-01-14

    4.2.8 (2023-01-14)

    Bug Fixes

    • build in postversion for build file version (60c3b7f)
  • 4.2.7 - 2023-01-14

    4.2.7 (2023-01-14)

    Bug Fixes

  • 4.2.6 - 2023-01-14

    4.2.6 (2023-01-14)

    Bug Fixes

    • add version to build files (79b8c0b)
  • 4.2.5 - 2022-12-23

    4.2.5 (2022-12-23)

    Bug Fixes

    • fix paragraph continuation after block element (#2686) (1bbda68)
    • fix tabs at beginning of list items (#2679) (e692634)
  • 4.2.4 - 2022-12-07

    4.2.4 (2022-12-07)

    Bug Fixes

  • 4.2.3 - 2022-11-20
  • 4.2.2 - 2022-11-05
  • 4.2.1 - 2022-11-02
  • 4.2.0 - 2022-10-31
  • 4.1.1 - 2022-10-01
  • 4.1.0 - 2022-08-30
  • 4.0.19 - 2022-08-21
  • 4.0.18 - 2022-07-11
  • 4.0.17 - 2022-06-13
  • 4.0.16 - 2022-05-17
  • 4.0.15 - 2022-05-02
  • 4.0.14 - 2022-04-11
  • 4.0.13 - 2022-04-08
  • 4.0.12 - 2022-01-27
  • 4.0.11 - 2022-01-26
  • 4.0.10 - 2022-01-13
from marked GitHub release notes
Package name: mongoose
  • 5.13.22 - 2024-01-02
  • 5.13.21 - 2023-10-19
  • 5.13.20 - 2023-07-12
from mongoose GitHub release notes
Package name: stream-buffers from stream-buffers GitHub release notes
Package name: typeorm
  • 0.3.20 - 2024-01-26

    Bug Fixes

    Features

    Reverts

  • 0.3.20-dev.fa86f6f - 2024-01-03
  • 0.3.20-dev.f232ba7 - 2024-01-26
  • 0.3.20-dev.dd8c0fd - 2024-01-26
  • 0.3.20-dev.d0b7670 - 2024-01-26
  • 0.3.20-dev.c22e30f - 2024-01-04
  • 0.3.20-dev.8f371f2 - 2024-01-26
  • 0.3.20-dev.8ebe769 - 2024-01-26
  • 0.3.20-dev.73e3b49 - 2024-01-03
  • 0.3.20-dev.62f574b - 2024-01-26
  • 0.3.20-dev.54d8d9e - 2024-01-26
  • 0.3.20-dev.1b34c9a - 2024-01-26
  • 0.3.20-dev.15de46f - 2024-01-08
  • 0.3.20-dev.0cab0dd - 2024-01-26
  • 0.3.20-dev.4624930 - 2024-01-26
  • 0.3.19 - 2024-01-03

    Bug Fixes

    • fixed Cannot read properties of undefined (reading 'sync') caused after glob package upgrade
  • 0.3.19-dev.633c4e3 - 2024-01-03
  • 0.3.18 -

Snyk has created this PR to upgrade:
  - adm-zip from 0.5.2 to 0.5.16.
    See this package in npm: https://www.npmjs.com/package/adm-zip
  - ms from 2.0.0 to 2.1.3.
    See this package in npm: https://www.npmjs.com/package/ms
  - cfenv from 1.2.2 to 1.2.4.
    See this package in npm: https://www.npmjs.com/package/cfenv
  - consolidate from 0.14.5 to 0.16.0.
    See this package in npm: https://www.npmjs.com/package/consolidate
  - dustjs-helpers from 1.5.0 to 1.7.4.
    See this package in npm: https://www.npmjs.com/package/dustjs-helpers
  - errorhandler from 1.5.0 to 1.5.1.
    See this package in npm: https://www.npmjs.com/package/errorhandler
  - express-session from 1.17.2 to 1.18.0.
    See this package in npm: https://www.npmjs.com/package/express-session
  - hbs from 4.1.2 to 4.2.0.
    See this package in npm: https://www.npmjs.com/package/hbs
  - jquery from 3.5.0 to 3.7.1.
    See this package in npm: https://www.npmjs.com/package/jquery
  - marked from 4.0.10 to 4.3.0.
    See this package in npm: https://www.npmjs.com/package/marked
  - mongoose from 5.13.20 to 5.13.22.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - stream-buffers from 3.0.2 to 3.0.3.
    See this package in npm: https://www.npmjs.com/package/stream-buffers
  - typeorm from 0.3.18 to 0.3.20.
    See this package in npm: https://www.npmjs.com/package/typeorm
  - validator from 13.7.0 to 13.12.0.
    See this package in npm: https://www.npmjs.com/package/validator

See this project in Snyk:
https://app.snyk.io/org/seballouche/project/c120f203-9c5f-47fa-9329-988f0fa59252?utm_source=github&utm_medium=referral&page=upgrade-pr