Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #83

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #83

wants to merge 1 commit into from

Conversation

JEStaubach
Copy link
Collaborator

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: apollo The new version differs by 250 commits.
  • 58b9637 Release
  • 199523a Revert "Release"
  • 9f7d75b Release
  • 881abfa Revert "Release"
  • 2882a7e Disable Windows tests for now
  • c976d83 Release
  • c83d41b Update changelog
  • 3b5ccd9 chore(deps): update all non-major dependencies (#2597)
  • addde07 chore(deps): update dependency await-to-js to v3 (#2599)
  • 5fe5b0c chore(deps): update dependency glob to v8 (#2594)
  • 785f64c chore(deps): update dependency global-agent to v3 (#2601)
  • 5d62e97 chore(deps): update dependency @ oclif/plugin-autocomplete to v1.3.0 (#2608)
  • 0af6969 chore(deps): update dependency nock to v13 (#2602)
  • 763fc26 chore(deps): update dependency @ endemolshinegroup/cosmiconfig-typescript-loader to v3 (#2598)
  • a5042db chore(deps): update dependency apollo-datasource to v3 (#2542)
  • cfe529b chore(deps): update dependency prettier to v2 (#2603)
  • 8e423ac chore(deps): update dependency strip-ansi to v7 (#2604)
  • 5695833 chore(deps): update dependency ts-node to v10 (#2605)
  • d094b02 chore(deps): update dependency vscode-languageserver to v7 (#2607)
  • fb8d043 Remove unused tslib dependency
  • e60ffd7 chore(deps): update jest monorepo (#2596)
  • 7f2d081 Revert "chore(deps): update all non-major dependencies (#2586)"
  • e89d9a1 chore(deps): update all non-major dependencies (#2586)
  • 27a2069 chore(deps): update dependency moment to v2.29.2 [security] (#2593)

See the full diff

Package name: babel-eslint The new version differs by 6 commits.
  • 4bd049e 10.1.0
  • 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (#812)
  • 183d13e 10.0.3
  • 354953d fix: require eslint dependencies from eslint base (#794)
  • 48f6d78 10.0.2
  • 0241b48 removed unused file reference (#773)

See the full diff

Package name: sequelize The new version differs by 250 commits.
  • 901bceb 6.1.0
  • 6b32821 6.0.0-beta.7
  • 0ca8d72 docs: prepare for v6 release (#12416)
  • 663261b feat(sequelize): allow passing dialectOptions.options from url (#12404)
  • c6e4192 fix(postgres): parse enums correctly when describing a table (#12409)
  • e33d2bd fix(reload): include default scope (#12399)
  • 5611ef0 build: update dependencies (#12395)
  • e80501d fix(types): transactionType in Options (#12377)
  • 4914367 fix(types): add clientMinMessages to Options interface (#12375)
  • b71cd05 fix(query): preserve cls context for logger (#12328)
  • 95f7fb5 fix(mssql): empty order array generates invalid FETCH statement (#12261)
  • ed2d7a9 fix(model.destroy): return 0 with truncate (#12281)
  • 72925cf fix: add missing fields to 'FindOrCreateType' (#12338)
  • f367191 fix(query-generator): do not generate GROUP BY clause if options.group is empty (#12343)
  • 7afd589 docs(sequelize): omitNull only works for CREATE/UPDATE queries
  • f9e660f docs: update feature request template
  • 2bf7f7b fix(typings): add support for optional values in "where" clauses (#12337)
  • 65a9e1e fix(types): add Association into OrderItem type (#12332)
  • 1b86729 docs: responsive (#12308)
  • 59b8a7b fix(include): check if attributes specified for included through model (#12316)
  • 6d87cc5 docs(associations): belongs to many create with through table
  • a2dcfa0 fix(query): ensure correct return signature for QueryTypes.RAW (#12305)
  • 0769aea refactor: cleanup query generators (#12304)
  • 4d9165b feat(postgres): native upsert (#12301)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
8c4dfe0 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JEStaubach @snyk-bot