Skip to content

[Snyk] Upgrade bcrypt from 5.0.1 to 5.1.1 #20

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade bcrypt from 5.0.1 to 5.1.1 #20

wants to merge 1 commit into from

Conversation

ManuelDevWeb
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade bcrypt from 5.0.1 to 5.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 7 months ago, on 2023-08-16.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 410/1000
Why? CVSS 8.2		 No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 410/1000
Why? CVSS 8.2		 No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579147		 410/1000
Why? CVSS 8.2		 No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152		 410/1000
Why? CVSS 8.2		 No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579155		 410/1000
Why? CVSS 8.2		 No Known Exploit
Information Exposure
SNYK-JS-NODEFETCH-2342118		 410/1000
Why? CVSS 8.2		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 410/1000
Why? CVSS 8.2		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: bcrypt from bcrypt GitHub release notes
Commit messages
Package name: bcrypt
  • a0a88a8 Update script for packaging inside docker
  • 1969d96 Run github actions for windows, macos, linux
  • 33043f5 v5.1.1
  • 571d7ab Merge pull request #993 from kelektiv/deps-update
  • 24aa2a2 Update dependencies
  • 11d2ddd Merge pull request #968 from laijonathan/zos_fix
  • 0884c5b Merge pull request #894 from lpizzinidev/patch-1
  • fc225b1 Merge pull request #960 from kelektiv/release-v5-1-0
  • 809ad03 Prepare for v5.1.0
  • 9eec9e8 Merge pull request #959 from kelektiv/release-v5-1-0
  • b309eaf Pin NAPI to v3
  • 9d6516a Merge pull request #958 from kelektiv/jest
  • 5a2b952 Increase test timeout
  • 8d201d1 Move tests to use Jest
  • 5a7082a Merge pull request #955 from kelektiv/github-actions
  • fd00ae0 reverted bcrypt.js changes
  • 4c99e9e fix build errors
  • ee9117c changed node version <16
  • e08fdff added napi exception flag
  • ac42d3f added node < v16 condition
  • 8ce7edc removed -q flags
  • fa5bc55 Fix github actions
  • 86aa111 Merge pull request #953 from kelektiv/version-update
  • 094dc94 Remove x86 for newer node

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@vercel Vercel
Copy link

vercel bot commented Mar 22, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
project-autentication-passwordjs ❌ Failed (Inspect) Mar 22, 2024 6:55pm
projectautenticationpasswordjs ❌ Failed (Inspect) Mar 22, 2024 6:55pm

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ManuelDevWeb @snyk-bot