Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #230

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #230

wants to merge 1 commit into from

Conversation

AlbertKogan
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose The new version differs by 250 commits.
  • d4f507f chore: release 5.2.6
  • 7eac18c style: fix lint
  • e47b669 fix(populate): make error reported when no `localField` specified catchable
  • 1e27f09 test(populate): repro #6767
  • 2b5e18a fix(query): upgrade mquery for readConcern() helper
  • 2bf81e7 test: try skipping in before()
  • d5b43da test: more test fixes re: #6754
  • e91d404 test(transactions): skip nested suite if parent suite skipped
  • 22c6c33 fix(query): propagate top-level session down to `populate()`
  • 0f24449 test(query): repro #6754
  • bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
  • f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
  • 4071de4 Merge pull request #6771 from Automattic/gh6750
  • 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
  • 695cb6f test(document): repro #6779
  • 0ca947e docs(document): add missing params for `toObject()`
  • b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
  • 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
  • 451c50e test: add quick spot check for webpack build
  • a0aaa82 Merge branch 'master' into gh6750
  • 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
  • 28621a5 test(document): repro #6754
  • 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
  • 42ddc42 test(connection): repro #6756

See the full diff

Package name: tap The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: package.json to reduce vulnerabilities
591a9c6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlbertKogan @snyk-bot