[Snyk] Fix for 1 vulnerabilities #270

Open: wants to merge 2 commits into base: master

twilio-product-security

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| low severity | 461/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint
The new version differs by 250 commits.
  • 439e8e6 4.7.0
  • 2ec62f9 Build: changelog update for 4.7.0
  • 787b78b Upgrade: Espree v3.5.1 (fixes #9153) (#9314)
  • 1488b51 Update: run rules after `node.parent` is already set (fixes #9122) (#9283)
  • 4431d68 Docs: fix wrong config in max-len example. (#9309)
  • 9d1df92 Chore: Revert "avoid handling Rules instances in config-validator" (#9295)
  • 7d24dde Docs: Fix code snippet to refer to the correct option (#9313)
  • 12388d4 Chore: rewrite parseListConfig for a small perf gain. (#9300)
  • ce1f084 Update: fix MemberExpression handling in no-extra-parens (fixes #9156)
  • 0c720a3 Update: allow autofixing when using processors (fixes #7510) (#9090)
  • 838df76 Chore: upgrade deps. (#9289)
  • f12def6 Update: indent flatTernary option to handle `return` (fixes #9285) (#9296)
  • e220687 Fix: remove autofix for var undef inits (fixes #9231) (#9288)
  • 002e199 Docs: fix no-restricted-globals wrong config. (#9305)
  • fcfe91a Docs: fix wrong config in id-length example. (#9303)
  • 2731f94 Update: make newline-per-chained-call fixable (#9149)
  • 61f1093 Chore: avoid monkeypatching Linter instances in RuleTester (#9276)
  • 28929cb Chore: remove Linter#reset (refs #9161) (#9268)
  • abc8634 Build: re-run browserify when generating site (#9275)
  • 7685fed Fix: IIFE and arrow functions in no-invalid-this (fixes #9126) (#9258)
  • 7c95d5d Chore: avoid handling Rules instances in config-validator (#9277)
  • 2b1eba2 Chore: enable eslint-plugin/no-deprecated-context-methods (#9279)
  • 981f933 Fix: reuse the AST of source code object in verify (#9256)
  • cd698ba Docs: move RuleTester documentation to Node.js API page (#9273)

Package name: mongoose
The new version differs by 250 commits.
  • d4f507f chore: release 5.2.6
  • 7eac18c style: fix lint
  • e47b669 fix(populate): make error reported when no `localField` specified catchable
  • 1e27f09 test(populate): repro #6767
  • 2b5e18a fix(query): upgrade mquery for readConcern() helper
  • 2bf81e7 test: try skipping in before()
  • d5b43da test: more test fixes re: #6754
  • e91d404 test(transactions): skip nested suite if parent suite skipped
  • 22c6c33 fix(query): propagate top-level session down to `populate()`
  • 0f24449 test(query): repro #6754
  • bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
  • f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
  • 4071de4 Merge pull request #6771 from Automattic/gh6750
  • 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
  • 695cb6f test(document): repro #6779
  • 0ca947e docs(document): add missing params for `toObject()`
  • b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
  • 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
  • 451c50e test: add quick spot check for webpack build
  • a0aaa82 Merge branch 'master' into gh6750
  • 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
  • 28621a5 test(document): repro #6754
  • 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
  • 42ddc42 test(connection): repro #6756

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
