[Snyk] Upgrade: @types/node, @types/express, @types/cookie-parser, @types/multer, @types/nodemon, @types/request-promise, socket.io, bcrypt, class-validator, dotenv, express, nodemon, reflect-metadata, ts-node, type, typeorm, typescript #59

Open

charley04310
Owner


Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| @types/node | from 18.11.11 to 18.19.48; 135 versions ahead of your current version | 22 days ago, on 2024-09-01 |
| @types/express | from 4.17.14 to 4.17.21; 7 versions ahead of your current version | a year ago, on 2023-11-07 |
| @types/cookie-parser | from 1.4.3 to 1.4.7; 4 versions ahead of your current version | 7 months ago, on 2024-02-29 |
| @types/multer | from 1.4.7 to 1.4.12; 5 versions ahead of your current version | a month ago, on 2024-08-23 |
| @types/nodemon | from 1.19.2 to 1.19.6; 4 versions ahead of your current version | 10 months ago, on 2023-11-21 |
| @types/request-promise | from 4.1.48 to 4.1.51; 3 versions ahead of your current version | a year ago, on 2023-11-07 |
| socket.io | from 4.5.4 to 4.7.5; 10 versions ahead of your current version | 6 months ago, on 2024-03-14 |
| bcrypt | from 5.1.0 to 5.1.1; 1 version ahead of your current version | a year ago, on 2023-08-16 |
| class-validator | from 0.14.0 to 0.14.1; 1 version ahead of your current version | 8 months ago, on 2024-01-12 |
| dotenv | from 16.0.3 to 16.4.5; 17 versions ahead of your current version | 7 months ago, on 2024-02-20 |
| express | from 4.18.2 to 4.19.2; 4 versions ahead of your current version | 6 months ago, on 2024-03-25 |
| nodemon | from 2.0.20 to 2.0.22; 2 versions ahead of your current version | 2 years ago, on 2023-03-22 |
| reflect-metadata | from 0.1.13 to 0.2.2; 5 versions ahead of your current version | 6 months ago, on 2024-03-29 |
| ts-node | from 10.9.1 to 10.9.2; 1 version ahead of your current version | 9 months ago, on 2023-12-08 |
| type | from 2.7.2 to 2.7.3; 1 version ahead of your current version | 4 months ago, on 2024-05-30 |
| typeorm | from 0.3.11 to 0.3.20; 135 versions ahead of your current version | 8 months ago, on 2024-01-26 |
| typescript | from 4.9.3 to 4.9.5; 2 versions ahead of your current version | 2 years ago, on 2023-01-30 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity: Denial of Service (DoS), SNYK-JS-WS-7266574 | 696 | Proof of Concept |
| high severity: Uncaught Exception, SNYK-JS-ENGINEIO-5496331 | 696 | No Known Exploit |
| high severity: Uncaught Exception, SNYK-JS-SOCKETIO-7278048 | 696 | No Known Exploit |
| high severity: Denial of Service (DoS), SNYK-JS-SOCKETIOPARSER-5596892 | 696 | No Known Exploit |
| medium severity: Prototype Pollution, SNYK-JS-XML2JS-5414874 | 696 | Proof of Concept |
| medium severity: Open Redirect, SNYK-JS-EXPRESS-6474509 | 696 | No Known Exploit |
| medium severity: Uncontrolled Resource Consumption ('Resource Exhaustion'), SNYK-JS-TAR-6476909 | 696 | Proof of Concept |

Release notes

Package name: @types/node
  • 18.19.48 - 2024-09-01
  • 18.19.47 - 2024-08-28
  • 18.19.46 - 2024-08-26
  • 18.19.45 - 2024-08-19
  • 18.19.44 - 2024-08-09
  • 18.19.43 - 2024-08-02
  • 18.19.42 - 2024-07-23
  • 18.19.41 - 2024-07-18
  • 18.19.40 - 2024-07-16
  • 18.19.39 - 2024-06-22
  • 18.19.38 - 2024-06-20
  • 18.19.37 - 2024-06-19
  • 18.19.36 - 2024-06-17
  • 18.19.35 - 2024-06-17
  • 18.19.34 - 2024-06-03
  • 18.19.33 - 2024-05-08
  • 18.19.32 - 2024-05-06
  • 18.19.31 - 2024-04-09
  • 18.19.30 - 2024-04-05
  • 18.19.29 - 2024-04-02
  • 18.19.28 - 2024-03-30
  • 18.19.27 - 2024-03-30
  • 18.19.26 - 2024-03-19
  • 18.19.25 - 2024-03-18
  • 18.19.24 - 2024-03-13
  • 18.19.23 - 2024-03-11
  • 18.19.22 - 2024-03-06
  • 18.19.21 - 2024-02-29
  • 18.19.20 - 2024-02-28
  • 18.19.19 - 2024-02-27
  • 18.19.18 - 2024-02-22
  • 18.19.17 - 2024-02-15
  • 18.19.16 - 2024-02-15
  • 18.19.15 - 2024-02-08
  • 18.19.14 - 2024-02-01
  • 18.19.13 - 2024-02-01
  • 18.19.12 - 2024-01-31
  • 18.19.11 - 2024-01-30
  • 18.19.10 - 2024-01-26
  • 18.19.9 - 2024-01-24
  • 18.19.8 - 2024-01-17
  • 18.19.7 - 2024-01-15
  • 18.19.6 - 2024-01-09
  • 18.19.5 - 2024-01-07
  • 18.19.4 - 2023-12-30
  • 18.19.3 - 2023-12-07
  • 18.19.2 - 2023-12-03
  • 18.19.1 - 2023-12-01
  • 18.19.0 - 2023-11-30
  • 18.18.14 - 2023-11-29
  • 18.18.13 - 2023-11-23
  • 18.18.12 - 2023-11-22
  • 18.18.11 - 2023-11-21
  • 18.18.10 - 2023-11-18
  • 18.18.9 - 2023-11-07
  • 18.18.8 - 2023-10-31
  • 18.18.7 - 2023-10-25
  • 18.18.6 - 2023-10-18
  • 18.18.5 - 2023-10-12
  • 18.18.4 - 2023-10-06
  • 18.18.3 - 2023-10-02
  • 18.18.2 - 2023-10-02
  • 18.18.1 - 2023-09-29
  • 18.18.0 - 2023-09-25
  • 18.17.19 - 2023-09-23
  • 18.17.18 - 2023-09-20
  • 18.17.17 - 2023-09-16
  • 18.17.16 - 2023-09-15
  • 18.17.15 - 2023-09-08
  • 18.17.14 - 2023-09-02
  • 18.17.13 - 2023-09-01
  • 18.17.12 - 2023-08-28
  • 18.17.11 - 2023-08-24
  • 18.17.10 - 2023-08-24
  • 18.17.9 - 2023-08-23
  • 18.17.8 - 2023-08-22
  • 18.17.7 - 2023-08-22
  • 18.17.6 - 2023-08-18
  • 18.17.5 - 2023-08-11
  • 18.17.4 - 2023-08-08
  • 18.17.3 - 2023-08-05
  • 18.17.2 - 2023-08-04
  • 18.17.1 - 2023-07-25
  • 18.17.0 - 2023-07-22
  • 18.16.20 - 2023-07-21
  • 18.16.19 - 2023-06-30
  • 18.16.18 - 2023-06-13
  • 18.16.17 - 2023-06-10
  • 18.16.16 - 2023-05-26
  • 18.16.15 - 2023-05-25
  • 18.16.14 - 2023-05-21
  • 18.16.13 - 2023-05-18
  • 18.16.12 - 2023-05-16
  • 18.16.11 - 2023-05-16
  • 18.16.10 - 2023-05-16
  • 18.16.9 - 2023-05-13
  • 18.16.8 - 2023-05-11
  • 18.16.7 - 2023-05-10
  • 18.16.6 - 2023-05-08
  • 18.16.5 - 2023-05-05
  • 18.16.4 - 2023-05-05
  • 18.16.3 - 2023-04-29
  • 18.16.2 - 2023-04-27
  • 18.16.1 - 2023-04-25
  • 18.16.0 - 2023-04-23
  • 18.15.13 - 2023-04-21
  • 18.15.12 - 2023-04-19
  • 18.15.11 - 2023-03-28
  • 18.15.10 - 2023-03-25
  • 18.15.9 - 2023-03-25
  • 18.15.8 - 2023-03-24
  • 18.15.7 - 2023-03-24
  • 18.15.6 - 2023-03-23
  • 18.15.5 - 2023-03-20
  • 18.15.4 - 2023-03-20
  • 18.15.3 - 2023-03-14
  • 18.15.2 - 2023-03-13
  • 18.15.1 - 2023-03-13
  • 18.15.0 - 2023-03-09
  • 18.14.6 - 2023-03-03
  • 18.14.5 - 2023-03-03
  • 18.14.4 - 2023-03-02
  • 18.14.3 - 2023-03-02
  • 18.14.2 - 2023-02-26
  • 18.14.1 - 2023-02-23
  • 18.14.0 - 2023-02-17
  • 18.13.0 - 2023-02-07
  • 18.11.19 - 2023-02-04
  • 18.11.18 - 2022-12-26
  • 18.11.17 - 2022-12-17
  • 18.11.16 - 2022-12-16
  • 18.11.15 - 2022-12-13
  • 18.11.14 - 2022-12-13
  • 18.11.13 - 2022-12-10
  • 18.11.12 - 2022-12-08
  • 18.11.11 - 2022-12-05
from @types/node GitHub release notes
Package name: @types/express
  • 4.17.21 - 2023-11-07
  • 4.17.20 - 2023-10-18
  • 4.17.19 - 2023-10-10
  • 4.17.18 - 2023-09-23
  • 4.17.17 - 2023-02-03
  • 4.17.16 - 2023-01-23
  • 4.17.15 - 2022-12-13
  • 4.17.14 - 2022-09-13
from @types/express GitHub release notes
Package name: @types/cookie-parser
  • 1.4.7 - 2024-02-29
  • 1.4.6 - 2023-11-07
  • 1.4.5 - 2023-10-18
  • 1.4.4 - 2023-09-04
  • 1.4.3 - 2022-04-27
from @types/cookie-parser GitHub release notes
Package name: @types/multer
  • 1.4.12 - 2024-08-23
  • 1.4.11 - 2023-11-21
  • 1.4.10 - 2023-11-07
  • 1.4.9 - 2023-10-18
  • 1.4.8 - 2023-09-27
  • 1.4.7 - 2021-07-07
from @types/multer GitHub release notes
Package name: @types/nodemon
  • 1.19.6 - 2023-11-21
  • 1.19.5 - 2023-11-07
  • 1.19.4 - 2023-10-18
  • 1.19.3 - 2023-09-23
  • 1.19.2 - 2022-07-20
from @types/nodemon GitHub release notes
Package name: @types/request-promise
  • 4.1.51 - 2023-11-07
  • 4.1.50 - 2023-10-18
  • 4.1.49 - 2023-09-27
  • 4.1.48 - 2021-07-07
from @types/request-promise GitHub release notes
Package name: socket.io
  • 4.7.5 - 2024-03-14
  • 4.7.4 - 2024-01-12
  • 4.7.3 - 2024-01-03
  • 4.7.2 - 2023-08-02
  • 4.7.1 - 2023-06-28
  • 4.7.0 - 2023-06-22
  • 4.6.2 - 2023-05-31
  • 4.6.1 - 2023-02-20
  • 4.6.0 - 2023-02-07
  • 4.6.0-alpha1 - 2023-01-25
  • 4.5.4 - 2022-11-22
from socket.io GitHub release notes
Package name: bcrypt
from bcrypt GitHub release notes
Package name: class-validator
  • 0.14.1 - 2024-01-12

    What's Changed

    • fix: fail for non-array constraint in @IsIn decorator by @NoNameProvided in #1844
    • feat: allow specifying options for @IsBase64 decorator by @NoNameProvided in #1845
    • feat: use official type for version in @IsUUID decorator by @NoNameProvided in #1846
    • build(deps-dev): bump @types/node from 18.11.12 to 18.11.13 by @dependabot in #1847
    • build(deps): bump libphonenumber-js from 1.10.14 to 1.10.15 by @dependabot in #1848
    • build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.46.0 to 5.46.1 by @dependabot in #1850
    • build(deps-dev): bump @types/node from 18.11.13 to 18.11.14 by @dependabot in #1851
    • build(deps-dev): bump @typescript-eslint/parser from 5.46.0 to 5.46.1 by @dependabot in #1852
    • build(deps-dev): bump @types/node from 18.11.14 to 18.11.15 by @dependabot in #1854
    • build(deps-dev): bump @rollup/plugin-commonjs from 23.0.4 to 23.0.5 by @dependabot in #1855
    • docs: fix typos and reformat decorators table by @carlocorradini in #1849
    • fix: allow number and boolean values in validation message "$value" tokens by @kffl in #1467
    • feat: update @IsPhoneNumber decorator to use max dataset by @NoNameProvided in #1857
    • fix: read nullable option in @IsNotEmptyObject decorator correctly by @arkist in #1555
    • build(deps-dev): bump eslint-plugin-jest from 27.1.6 to 27.1.7 by @dependabot in #1859
    • build(deps-dev): bump eslint from 8.29.0 to 8.30.0 by @dependabot in #1860
    • build(deps-dev): bump @rollup/plugin-commonjs from 23.0.5 to 24.0.0 by @dependabot in #1862
    • build(deps-dev): bump @types/node from 18.11.15 to 18.11.17 by @dependabot in #1861
    • build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.46.1 to 5.47.0 by @dependabot in #1864
    • build(deps-dev): bump @typescript-eslint/parser from 5.46.1 to 5.47.0 by @dependabot in #1865
    • build(deps-dev): bump @typescript-eslint/parser from 5.47.0 to 5.47.1 by @dependabot in #1870
    • build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.47.0 to 5.47.1 by @dependabot in #1872
    • build(deps-dev): bump @types/node from 18.11.17 to 18.11.18 by @dependabot in #1871
    • build(deps-dev): bump @types/jest from 29.2.4 to 29.2.5 by @dependabot in #1875
    • build(deps): bump json5 from 2.2.1 to 2.2.3 by @dependabot in #1878
    • build(deps-dev): bump eslint from 8.30.0 to 8.31.0 by @dependabot in #1876
    • build(deps-dev): bump eslint-plugin-jest from 27.1.7 to 27.2.0 by @dependabot in #1877
    • build(deps-dev): bump @typescript-eslint/parser from 5.47.1 to 5.48.0 by @dependabot in #1879
    • build(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0 by @dependabot in #1881
    • build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.47.1 to 5.48.0 by @dependabot in #1880
    • build(deps): bump libphonenumber-js from 1.10.15 to 1.10.16 by @dependabot in #1886
    • build(deps-dev): bump eslint-plugin-jest from 27.2.0 to 27.2.1 by @dependabot in #1890
    • build(deps): bump libphonenumber-js from 1.10.16 to 1.10.17 by @dependabot in #1892
    • build(deps-dev): bump prettier from 2.8.1 to 2.8.2 by @dependabot in #1891
    • build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.48.0 to 5.48.1 by @dependabot in #1894
    • build(deps-dev): bump @typescript-eslint/parser from 5.48.0 to 5.48.1 by @dependabot in #1893
    • build(deps): bump libphonenumber-js from 1.10.17 to 1.10.18 by @dependabot in #1895
    • build(deps-dev): bump ts-jest from 29.0.3 to 29.0.4 by @dependabot in #1898
    • build(deps-dev): bump rimraf from 3.0.2 to 4.0.4 by @dependabot in #1900
    • build(deps-dev): bump eslint from 8.31.0 to 8.32.0 by @dependabot in #1902
    • build(deps-dev): bump prettier from 2.8.2 to 2.8.3 by @dependabot in #1905
    • build(deps-dev): bump ts-jest from 29.0.4 to 29.0.5 by @dependabot in #1904
    • build(deps-dev): bump rimraf from 4.0.4 to 4.0.7 by @dependabot in #1903
    • build(deps-dev): bump @typescript-eslint/parser from 5.48.1 to 5.48.2 by @dependabot in #1908
    • build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.48.1 to 5.48.2 by @dependabot in #1910
    • build(deps-dev): bump rimraf from 4.0.7 to 4.1.0 by @dependabot in

Snyk has created this PR to upgrade:
  - @types/node from 18.11.11 to 18.19.48.
    See this package in npm: https://www.npmjs.com/package/@types/node
  - @types/express from 4.17.14 to 4.17.21.
    See this package in npm: https://www.npmjs.com/package/@types/express
  - @types/cookie-parser from 1.4.3 to 1.4.7.
    See this package in npm: https://www.npmjs.com/package/@types/cookie-parser
  - @types/multer from 1.4.7 to 1.4.12.
    See this package in npm: https://www.npmjs.com/package/@types/multer
  - @types/nodemon from 1.19.2 to 1.19.6.
    See this package in npm: https://www.npmjs.com/package/@types/nodemon
  - @types/request-promise from 4.1.48 to 4.1.51.
    See this package in npm: https://www.npmjs.com/package/@types/request-promise
  - socket.io from 4.5.4 to 4.7.5.
    See this package in npm: https://www.npmjs.com/package/socket.io
  - bcrypt from 5.1.0 to 5.1.1.
    See this package in npm: https://www.npmjs.com/package/bcrypt
  - class-validator from 0.14.0 to 0.14.1.
    See this package in npm: https://www.npmjs.com/package/class-validator
  - dotenv from 16.0.3 to 16.4.5.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - express from 4.18.2 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - nodemon from 2.0.20 to 2.0.22.
    See this package in npm: https://www.npmjs.com/package/nodemon
  - reflect-metadata from 0.1.13 to 0.2.2.
    See this package in npm: https://www.npmjs.com/package/reflect-metadata
  - ts-node from 10.9.1 to 10.9.2.
    See this package in npm: https://www.npmjs.com/package/ts-node
  - type from 2.7.2 to 2.7.3.
    See this package in npm: https://www.npmjs.com/package/type
  - typeorm from 0.3.11 to 0.3.20.
    See this package in npm: https://www.npmjs.com/package/typeorm
  - typescript from 4.9.3 to 4.9.5.
    See this package in npm: https://www.npmjs.com/package/typescript

See this project in Snyk:
https://app.snyk.io/org/charley04310/project/2d87764d-8e20-4f62-b20e-91d4dcb033a7?utm_source=github&utm_medium=referral&page=upgrade-pr