[Snyk] Upgrade: , , , cookie-session, express, express-validator, mongoose, stripe, typescript #113
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @types/express from 4.17.13 to 4.17.21.
See this package in npm: https://www.npmjs.com/package/@types/express
- @types/cookie-session from 2.0.44 to 2.0.49.
See this package in npm: https://www.npmjs.com/package/@types/cookie-session
- @types/jsonwebtoken from 8.5.8 to 8.5.9.
See this package in npm: https://www.npmjs.com/package/@types/jsonwebtoken
- cookie-session from 2.0.0 to 2.1.0.
See this package in npm: https://www.npmjs.com/package/cookie-session
- express from 4.18.1 to 4.19.2.
See this package in npm: https://www.npmjs.com/package/express
- express-validator from 6.14.0 to 6.15.0.
See this package in npm: https://www.npmjs.com/package/express-validator
- mongoose from 8.0.0 to 8.5.4.
See this package in npm: https://www.npmjs.com/package/mongoose
- stripe from 9.1.0 to 9.16.0.
See this package in npm: https://www.npmjs.com/package/stripe
- typescript from 4.6.4 to 4.9.5.
See this package in npm: https://www.npmjs.com/package/typescript
See this project in Snyk:
https://app.snyk.io/org/alexandersck/project/715ad775-9d02-4d91-afe3-c1ae2df048e6?utm_source=github&utm_medium=referral&page=upgrade-pr
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@types/express
from 4.17.13 to 4.17.21 | 8 versions ahead of your current version | 10 months ago
on 2023-11-07
@types/cookie-session
from 2.0.44 to 2.0.49 | 5 versions ahead of your current version | 5 months ago
on 2024-04-17
@types/jsonwebtoken
from 8.5.8 to 8.5.9 | 1 version ahead of your current version | 2 years ago
on 2022-08-24
cookie-session
from 2.0.0 to 2.1.0 | 1 version ahead of your current version | 8 months ago
on 2024-01-24
express
from 4.18.1 to 4.19.2 | 5 versions ahead of your current version | 6 months ago
on 2024-03-25
express-validator
from 6.14.0 to 6.15.0 | 4 versions ahead of your current version | 2 years ago
on 2023-02-16
mongoose
from 8.0.0 to 8.5.4 | 30 versions ahead of your current version | 22 days ago
on 2024-08-23
stripe
from 9.1.0 to 9.16.0 | 18 versions ahead of your current version | 2 years ago
on 2022-07-26
typescript
from 4.6.4 to 4.9.5 | 259 versions ahead of your current version | 2 years ago
on 2023-01-30
Issues fixed by the recommended upgrade:
SNYK-JS-EXPRESS-6474509
Release notes
Package name: @types/express
-
4.17.21 - 2023-11-07
-
4.17.20 - 2023-10-18
-
4.17.19 - 2023-10-10
-
4.17.18 - 2023-09-23
-
4.17.17 - 2023-02-03
-
4.17.16 - 2023-01-23
-
4.17.15 - 2022-12-13
-
4.17.14 - 2022-09-13
-
4.17.13 - 2021-07-06
from @types/express GitHub release notesPackage name: @types/cookie-session
-
2.0.49 - 2024-04-17
-
2.0.48 - 2023-11-20
-
2.0.47 - 2023-11-07
-
2.0.46 - 2023-10-18
-
2.0.45 - 2023-09-04
-
2.0.44 - 2021-12-23
from @types/cookie-session GitHub release notesPackage name: @types/jsonwebtoken
-
8.5.9 - 2022-08-24
-
8.5.8 - 2022-01-17
from @types/jsonwebtoken GitHub release notesPackage name: cookie-session
-
2.1.0 - 2024-01-24
- Fix loading sessions with special keys
- deps: cookies@0.9.1
- Add
- Add
- Fix accidental cookie name/value truncation when given invalid chars
- Fix
- Remove quotes from returned quoted cookie value
- Use
- pref: small lookup regexp optimization
-
2.0.0 - 2021-12-16
- Change default cookie name to
- Change
- Create new session for all types of invalid sessions
- Drop support for Node.js 0.8
- Remove private
- Remove the
- Remove undocumented
- Remove undocumented
- Save all enumerable properties on
- Including
- Use
- Use
- deps: cookies@0.8.0
- Fix check for default
- Fix
- Support
- deps: depd@~2.0.0
- deps: keygrip@~1.1.0
- perf: remove argument reassignment
- deps: debug@3.2.7
- Add
- Add 256 color mode support
- Enable / disable namespaces dynamically
- Make millisecond timer namespace-specific
- Remove
- Use
- deps: on-headers@~1.0.2
- Fix
- deps: safe-buffer@5.2.1
- perf: reduce the scope of try-catch deopt
- perf: remove internal reference to request from session object
from cookie-session GitHub release notespartitionedoption for CHIPS supportpriorityoption for Priority cookie supportmaxAgeoption to reject invalid valuesreq.socketover deprecatedreq.connectionsession.populatedto.isPopulatedreq.session.save()keyoption; usenameinsteadreq.session.lengthto free up key namereq.sessionCookiesandreq.sessionKeyreq.session_-prefixed propertiesObject.definePropertyinstead of deprecated__define*__safe-bufferfor improved Buffer APIsecureoption behaviormaxAgeoption preventing cookie deletion"none"insameSiteoptionDEBUG_HIDE_DATEDEBUG_FDsupportDate#toISOString()when output is not a TTYres.writeHeadpatch missing return valuePackage name: express
-
4.19.2 - 2024-03-25
-
4.19.1 - 2024-03-20
- Fix ci after location patch by @ wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556
-
4.19.0 - 2024-03-20
- fix typo in release date by @ UlisesGascon in #5527
- docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
- docs: loosen TC activity rules by @ wesleytodd in #5510
- Add note on how to update docs for new release by @ crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @ wesleytodd in #5551
- @ crandmck made their first contribution in #5541
-
4.18.3 - 2024-02-29
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add Node.js@19.7 by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
-
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
- deps: qs@6.11.0
-
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
from express GitHub release notesWhat's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors
Full Changelog: 4.18.2...4.18.3
Package name: express-validator
-
6.15.0 - 2023-02-16
- chore(deps): bump ua-parser-js from 0.7.32 to 0.7.33 by @ dependabot in #1208
- chore(deps): bump eta from 1.12.3 to 2.0.0 by @ dependabot in #1211
- chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 by @ dependabot in #1210
- feat: update to support validator 13.9.0 by @ fedeci in #1212
-
6.14.3 - 2023-01-20
- docs: fixed typo in sanitization chain example by @ ankushknr19 in #1195
- fixed infinite recursion when the request has a field called
- @ ankushknr19 made their first contribution in #1195
-
6.14.2 - 2022-06-19
- correctly run
- @ tonysamperi made their first contribution in #1156
-
6.14.1 - 2022-05-22
- Add
- chore(deps): bump shelljs from 0.8.4 to 0.8.5 by @ dependabot in #1128
- chore(deps): bump ajv from 6.11.0 to 6.12.6 by @ dependabot in #1129
- chore(deps): bump prismjs from 1.25.0 to 1.27.0 by @ dependabot in #1135
- docs: remove dependencies status badge by @ gustavohenke in #1131
- chore(deps): bump minimist from 1.2.5 to 1.2.6 by @ dependabot in #1142
- chore(deps): bump async from 2.6.3 to 2.6.4 by @ dependabot in #1147
- Add missing
- @ daenamkim made their first contribution in #1120
-
6.14.0 - 2021-12-11
- feat: update
- chore(deps): bump tmpl from 1.0.4 to 1.0.5 by @ dependabot in #1116
- chore(deps): bump path-parse from 1.0.6 to 1.0.7 by @ dependabot in #1118
- chore(deps): bump prismjs from 1.24.0 to 1.25.0 by @ dependabot in #1117
from express-validator GitHub release notesWhat's Changed
Full Changelog: v6.14.3...v6.15.0
What's Changed
*(#1205)New Contributors
Full Changelog: v6.14.2...v6.14.3
What's Changed
.matcheswhen passing regex object by @ tonysamperi in #1156New Contributors
Full Changelog: v6.14.1...v6.14.2
What's Changed
validationResult()for schema validation example by @ daenamkim in #1120SKpostal code - #1144New Contributors
Full Changelog: v6.14.0...v6.14.1
What's Changed
validatorto13.7by @ fedeci in #1115Full Changelog: v6.13.0...v6.14.0
Package name: mongoose
-
8.5.4 - 2024-08-23
- fix: add empty string check for collection name passed #14806 Shubham2552
- docs(model): add 'throw' as valid strict value for bulkWrite() and add some more clarification on throwOnValidationError #14809
-
8.5.3 - 2024-08-13
- fix(document): call required functions on subdocuments underneath nested paths with correct context #14801 #14788
- fix(populate): avoid throwing error when no result and
- fix(document): apply virtuals to subdocuments if parent schema has virtuals: true for backwards compatibility #14774 #14771 #14623 #14394
- types: make HydratedSingleSubdocument and HydratedArraySubdocument merge types instead of using & #14800 #14793
- types: support schema type inference based on schema options timestamps as well #14773 #13215 ark23CIS
- types(cursor): indicate that cursor.next() can return null #14798 #14787
- types: allow mongoose.connection.db to be undefined #14797 #14789
- docs: add schema type widening advice #14790 JstnMcBrd
-
8.5.2 - 2024-07-30
- perf(clone): avoid further unnecessary checks if cloning a primitive value #14762 #14394
- fix: allow setting document array default to null #14769 #14717 #6691
- fix(model): support session: null option for save() to opt out of automatic session option with transactionAsyncLocalStorage #14744 #14736
- fix(model+document): avoid depopulating manually populated doc as getter value #14760 #14759
- fix: correct shardkey access in buildBulkWriteOps #14753 #14752 adf0nt3s
- fix(query): handle casting $switch in $expr #14755 #14751
- types: allow calling SchemaType.cast() without parent and init parameters #14756 #14748 #9076
- docs: fix a wrong example in v6 migration guide #14758 abdelrahman-elkady
-
8.5.1 - 2024-07-12
-
8.5.0 - 2024-07-08
-
8.4.5 - 2024-07-05
-
8.4.4 - 2024-06-25
-
8.4.3 - 2024-06-17
-
8.4.2 - 2024-06-17
-
8.4.1 - 2024-05-31
-
8.4.0 - 2024-05-17
-
8.3.5 - 2024-05-15
-
8.3.4 - 2024-05-06
-
8.3.3 - 2024-04-29
-
8.3.2 - 2024-04-16
-
8.3.1 - 2024-04-08
-
8.3.0 - 2024-04-03
-
8.2.4 - 2024-03-28
-
8.2.3 - 2024-03-21
-
8.2.2 - 2024-03-15
-
8.2.1 - 2024-03-04
-
8.2.0 - 2024-02-22
-
8.1.3 - 2024-02-16
-
8.1.2 - 2024-02-11
-
8.1.1 - 2024-01-24
-
8.1.0 - 2024-01-16
-
8.0.4 - 2024-01-09
-
8.0.3 - 2023-12-07
-
8.0.2 - 2023-11-28
-
8.0.1 - 2023-11-15
-
8.0.0 - 2023-10-31
from8.5.4 / 2024-08-23
8.5.3 / 2024-08-13
lean()set #14799 #14794 #14759 MohOraby8.5.2 / 2024-07-30