Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: async, bcrypt, eslint, express-session, moment, mongoose, passport, winston #349

Merged
merged 1 commit into from
Sep 20, 2024

Conversation

vinitkumar
Copy link
Owner

@vinitkumar vinitkumar commented Sep 18, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

async
from 3.2.2 to 3.2.6 | 4 versions ahead of your current version | a month ago
on 2024-08-19
bcrypt
from 5.0.1 to 5.1.1 | 2 versions ahead of your current version | a year ago
on 2023-08-16
eslint
from 9.0.0 to 9.9.1 | 11 versions ahead of your current version | a month ago
on 2024-08-23
express-session
from 1.17.1 to 1.18.0 | 3 versions ahead of your current version | 8 months ago
on 2024-01-28
moment
from 2.29.1 to 2.30.1 | 5 versions ahead of your current version | 9 months ago
on 2023-12-27
mongoose
from 5.13.20 to 5.13.22 | 2 versions ahead of your current version | 9 months ago
on 2024-01-02
passport
from 0.3.2 to 0.7.0 | 8 versions ahead of your current version | 10 months ago
on 2023-11-27
winston
from 3.3.3 to 3.14.2 | 20 versions ahead of your current version | a month ago
on 2024-08-14

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Directory Traversal
SNYK-JS-MOMENT-2440688
589 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238
589 Proof of Concept
medium severity Session Fixation
SNYK-JS-PASSPORT-2840631
589 No Known Exploit
Release notes
Package name: async from async GitHub release notes
Package name: bcrypt from bcrypt GitHub release notes
Package name: eslint
  • 9.9.1 - 2024-08-23

    Bug Fixes

    • 9bde90c fix: add logic to handle fixTypes in lintText() (#18736) (Amaresh S M)

    Documentation

    • 4840930 docs: Update README with version support and clean up content (#18804) (Nicholas C. Zakas)
    • f61f40d docs: Update globals examples (#18805) (Nicholas C. Zakas)
    • 241fcea docs: Use and define languages (#18795) (Nicholas C. Zakas)
    • 5dbdd63 docs: eslint-plugin-markdown -> @ eslint/markdown (#18797) (Nicholas C. Zakas)
    • c6c8ddd docs: update links to eslint-visitor-keys repo (#18796) (Francesco Trotta)
    • f981d05 docs: Update README (GitHub Actions Bot)
    • b516974 docs: update links to eslint/js repo (#18781) (Francesco Trotta)
    • fb7a3f5 docs: update note for package managers (#18779) (Jay)

    Chores

    • b0c34d0 chore: upgrade to @ eslint/js@9.9.1 (#18809) (Francesco Trotta)
    • cd5a0da chore: package.json update for @ eslint/js release (Jenkins)
    • e112642 refactor: Extract parsing logic from Linter (#18790) (Nicholas C. Zakas)
    • 0f68a85 chore: use eslint-plugin-yml on yaml files only (#18801) (Milos Djermanovic)
    • f8d1b3c chore: update dependencies for browser tests (#18794) (Christian Bromann)
    • aed2624 chore: update dependency @ eslint/config-array to ^0.18.0 (#18788) (renovate[bot])
    • 5c29128 chore: update dependency @ eslint/core to ^0.4.0 (#18789) (renovate[bot])
    • 5d66fb2 chore: migrate linting workflow to use trunk check meta-linter (#18643) (Chris Clearwater)
    • bf96855 chore: add ids to github issue templates (#18775) (Strek)
  • 9.9.0 - 2024-08-09

    Features

    • 41d0206 feat: Add support for TS config files (#18134) (Arya Emami)
    • 3a4eaf9 feat: add suggestion to require-await to remove async keyword (#18716) (Dave)

    Documentation

    • 9fe068c docs: how to author plugins with configs that extend other configs (#18753) (Alec Gibson)
    • 48117b2 docs: add version support page in the side navbar (#18738) (Amaresh S M)
    • fec2951 docs: add version support page to the dropdown (#18730) (Amaresh S M)
    • 38a0661 docs: Fix typo (#18735) (Zaina Al Habash)
    • 3c32a9e docs: Update yarn command for creating ESLint config (#18739) (Temitope Ogunleye)
    • f9ac978 docs: Update README (GitHub Actions Bot)

    Chores

    • 461b2c3 chore: upgrade to @ eslint/js@9.9.0 (#18765) (Francesco Trotta)
    • 59dba1b chore: package.json update for @ eslint/js release (Jenkins)
    • fea8563 chore: update dependency @ eslint/core to ^0.3.0 (#18724) (renovate[bot])
    • aac191e chore: update dependency @ eslint/json to ^0.3.0 (#18760) (renovate[bot])
    • b97fa05 chore: update wdio dependencies for more stable tests (#18759) (Christian Bromann)
  • 9.8.0 - 2024-07-26

    Features

    • 13d0bd3 feat: Add and use SourceCode#getLoc/getRange (#18703) (Nicholas C. Zakas)

    Bug Fixes

    • ab0ff27 fix: Throw error when invalid flags passed (#18705) (Nicholas C. Zakas)
    • 70dc803 fix: basePath directory can never be ignored (#18711) (Milos Djermanovic)

    Documentation

    Build Related

    • 4514424 build: Enable JSON linting (#18681) (Nicholas C. Zakas)

    Chores

    • deee448 chore: upgrade to @ eslint/js@9.8.0 (#18720) (Francesco Trotta)
    • 4aaf2b3 chore: package.json update for @ eslint/js release (Jenkins)
    • 8e1a627 chore: update dependency @ eslint/core to ^0.2.0 (#18700) (renovate[bot])
  • 9.7.0 - 2024-07-12

    Features

    • 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630) (Yosuke Ota)
    • 1381394 feat: add regex option in no-restricted-imports (#18622) (Nitin Kumar)

    Bug Fixes

    • 14e9f81 fix: destructuring in catch clause in no-unused-vars (#18636) (Francesco Trotta)

    Documentation

    • 9f416db docs: Add Powered by Algolia label to the search. (#18633) (Amaresh S M)
    • c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#18649) (Milos Djermanovic)
    • 6e79ac7 docs: loadESLint does not support option cwd (#18641) (Francesco Trotta)

    Chores

    • 793b718 chore: upgrade @ eslint/js@9.7.0 (#18680) (Francesco Trotta)
    • 7ed6f9a chore: package.json update for @ eslint/js release (Jenkins)
    • 7bcda76 refactor: Add type references (#18652) (Nicholas C. Zakas)
    • 51bf57c chore: add tech sponsors through actions (#18624) (Strek)
    • 6320732 refactor: don't use parent property in NodeEventGenerator (#18653) (Milos Djermanovic)
    • 9e6d640 refactor: move "Parsing error" prefix adding to Linter (#18650) (Milos Djermanovic)
  • 9.6.0 - 2024-06-28

    Features

    • e2b16e2 feat: Implement feature flags (#18516) (Nicholas C. Zakas)
    • 8824aa1 feat: add ecmaVersion: 2025, parsing duplicate named capturing groups (#18596) (Milos Djermanovic)

    Bug Fixes

    • 1613e2e fix: Allow escaping characters in config patterns on Windows (#18628) (Milos Djermanovic)
    • 21d3766 fix: no-unused-vars include caught errors pattern in report message (#18609) (Kirk Waiblinger)
    • d7a7736 fix: improve no-unused-vars message on unused caught errors (#18608) (Kirk Waiblinger)
    • f9e95d2 fix: correct locations of invalid /* eslint */ comments (#18593) (Milos Djermanovic)

    Documentation

    • 13dbecd docs: Limit search to just docs (#18627) (Nicholas C. Zakas)
    • 375227f docs: Update getting-started.md - add pnpm to init eslint config (#18599) (Kostiantyn Ochenash)
    • 44915bb docs: Update README (GitHub Actions Bot)
    • d50db7b docs: Update vscode-eslint info (#18595) (Nicholas C. Zakas)

    Chores

    • b15ee30 chore: upgrade @ eslint/js@9.6.0 (#18632) (Milos Djermanovic)
    • d655503 chore: package.json update for @ eslint/js release (Jenkins)
    • 7c78ad9 refactor: Use language.visitorKeys and check for non-JS SourceCode (#18625) (Nicholas C. Zakas)
    • 69ff64e refactor: Return value of applyInlineConfig() (#18623) (Nicholas C. Zakas)
    • d2d06f7 refactor: use / separator when adjusting ignorePatterns on Windows (#18613) (Milos Djermanovic)
    • 6421973 refactor: fix disable directives for languages with 0-based lines (#18605) (Milos Djermanovic)
    • 0a13539 refactor: Allow optional methods for languages (#18604) (Nicholas C. Zakas)
    • c7ddee0 chore: make internal-rules not being a package (#18601) (Milos Djermanovic)
    • 3379164 chore: remove .eslintrc.js (#18011) (唯然)
    • d0c3a32 chore: update knip (with webdriver-io plugin) (#18594) (Lars Kappert)
  • 9.5.0 - 2024-06-14

    Features

    • b2d256c feat: no-sparse-arrays report on "comma" instead of the whole array (#18579) (fisker Cheung)

    Bug Fixes

    • 6880286 fix: treat * as a universal pattern (#18586) (Milos Djermanovic)
    • 7fbe211 fix: message template for all files ignored (#18564) (Milos Djermanovic)
    • 469cb36 fix: Don't lint the same file multiple times (#18552) (Milos Djermanovic)
    • 5cff638 fix: improve message for ignored files without a matching config (#18404) (Francesco Trotta)

    Documentation

    • 455f7fd docs: add section about including .gitignore files (#18590) (Milos Djermanovic)
    • 721eafe docs: update info about universal files patterns (#18587) (Francesco Trotta)
    • 8127127 docs: Update README (GitHub Actions Bot)
    • 55c2a66 docs: Update README (GitHub Actions Bot)
    • eb76282 docs: Update README (GitHub Actions Bot)
    • ff6e96e docs: baseConfig and overrideConfig can be arrays (#18571) (Milos Djermanovic)
    • d2d83e0 docs: Add mention of eslint-transforms to v9 migration guide (#18566) (Nicholas C. Zakas)
    • 9ce6832 docs: add callout box for unintuitive behavior (#18567) (Ben McCann)
    • b8db99c docs: Add VS Code info to config migration guide (#18555) (Nicholas C. Zakas)
    • 518a35c docs: Mention config migrator (#18561) (Nicholas C. Zakas)
    • eb440fc docs: specifying files with arbitrary or no extension (Reviewable

Snyk has created this PR to upgrade:
  - async from 3.2.2 to 3.2.6.
    See this package in npm: https://www.npmjs.com/package/async
  - bcrypt from 5.0.1 to 5.1.1.
    See this package in npm: https://www.npmjs.com/package/bcrypt
  - eslint from 9.0.0 to 9.9.1.
    See this package in npm: https://www.npmjs.com/package/eslint
  - express-session from 1.17.1 to 1.18.0.
    See this package in npm: https://www.npmjs.com/package/express-session
  - moment from 2.29.1 to 2.30.1.
    See this package in npm: https://www.npmjs.com/package/moment
  - mongoose from 5.13.20 to 5.13.22.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - passport from 0.3.2 to 0.7.0.
    See this package in npm: https://www.npmjs.com/package/passport
  - winston from 3.3.3 to 3.14.2.
    See this package in npm: https://www.npmjs.com/package/winston

See this project in Snyk:
https://app.snyk.io/org/vinitkumar/project/a8047beb-d71d-44cb-8248-57c85798043c?utm_source=github&utm_medium=referral&page=upgrade-pr
@vinitkumar vinitkumar merged commit b4e2fdb into develop Sep 20, 2024
3 checks passed
@vinitkumar vinitkumar deleted the snyk-upgrade-8189f2b5ea13bfca2ac4b8a9b374ff91 branch September 20, 2024 07:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants