
[Snyk] Upgrade: body-parser, chart.js, cloudinary, dotenv, ejs, express, express-session, formidable, mongodb, mongoose, passport, swiper #12

Open. Wants to merge 1 commit into base: main.

Conversation

@mytamDo (Owner) commented Sep 16, 2024


Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| body-parser | from 1.20.1 to 1.20.2 (1 version ahead of your current version) | 2 years ago, on 2023-02-22 |
| chart.js | from 4.0.1 to 4.4.4 (14 versions ahead of your current version) | a month ago, on 2024-08-20 |
| cloudinary | from 1.32.0 to 1.41.3 (19 versions ahead of your current version) | 8 months ago, on 2024-01-18 |
| dotenv | from 16.0.3 to 16.4.5 (17 versions ahead of your current version) | 7 months ago, on 2024-02-20 |
| ejs | from 3.1.8 to 3.1.10 (2 versions ahead of your current version) | 5 months ago, on 2024-04-12 |
| express | from 4.18.2 to 4.19.2 (4 versions ahead of your current version) | 6 months ago, on 2024-03-25 |
| express-session | from 1.17.3 to 1.18.0 (1 version ahead of your current version) | 8 months ago, on 2024-01-28 |
| formidable | from 2.0.1 to 2.1.2 (3 versions ahead of your current version) | 2 years ago, on 2022-12-01 |
| mongodb | from 4.17.1 to 4.17.2 (1 version ahead of your current version) | 9 months ago, on 2023-12-05 |
| mongoose | from 6.12.3 to 6.13.0 (7 versions ahead of your current version) | 3 months ago, on 2024-06-06 |
| passport | from 0.6.0 to 0.7.0 (1 version ahead of your current version) | 10 months ago, on 2023-11-27 |
| swiper | from 8.4.4 to 8.4.7 (3 versions ahead of your current version) | 2 years ago, on 2023-01-30 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| critical severity: Sandbox Escape (SNYK-JS-VM2-5422057) | 811 | Proof of Concept |
| critical severity: Improper Handling of Exceptional Conditions (SNYK-JS-VM2-5426093) | 811 | No Known Exploit |
| medium severity: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (SNYK-JS-VM2-5537079) | 811 | Proof of Concept |
| critical severity: Sandbox Bypass (SNYK-JS-VM2-5537100) | 811 | Proof of Concept |
| critical severity: Remote Code Execution (RCE) (SNYK-JS-VM2-5772823) | 811 | Proof of Concept |
| critical severity: Remote Code Execution (RCE) (SNYK-JS-VM2-5772825) | 811 | Mature |
| high severity: Prototype Poisoning (SNYK-JS-QS-3153490) | 811 | Proof of Concept |
| low severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | 811 | Proof of Concept |
| critical severity: Sandbox Escape (SNYK-JS-VM2-5415299) | 811 | Proof of Concept |
| medium severity: Improper Control of Dynamically-Managed Code Resources (SNYK-JS-EJS-6689533) | 811 | No Known Exploit |
| medium severity: Open Redirect (SNYK-JS-EXPRESS-6474509) | 811 | No Known Exploit |
Release notes
Package name: body-parser
  • 1.20.2 - 2023-02-22
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
      • perf: skip value escaping when unnecessary
    • deps: raw-body@2.5.2
  • 1.20.1 - 2022-10-06
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
from body-parser GitHub release notes
Package name: chart.js

Snyk has created this PR to upgrade:
  - body-parser from 1.20.1 to 1.20.2.
    See this package in npm: https://www.npmjs.com/package/body-parser
  - chart.js from 4.0.1 to 4.4.4.
    See this package in npm: https://www.npmjs.com/package/chart.js
  - cloudinary from 1.32.0 to 1.41.3.
    See this package in npm: https://www.npmjs.com/package/cloudinary
  - dotenv from 16.0.3 to 16.4.5.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - ejs from 3.1.8 to 3.1.10.
    See this package in npm: https://www.npmjs.com/package/ejs
  - express from 4.18.2 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - express-session from 1.17.3 to 1.18.0.
    See this package in npm: https://www.npmjs.com/package/express-session
  - formidable from 2.0.1 to 2.1.2.
    See this package in npm: https://www.npmjs.com/package/formidable
  - mongodb from 4.17.1 to 4.17.2.
    See this package in npm: https://www.npmjs.com/package/mongodb
  - mongoose from 6.12.3 to 6.13.0.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - passport from 0.6.0 to 0.7.0.
    See this package in npm: https://www.npmjs.com/package/passport
  - swiper from 8.4.4 to 8.4.7.
    See this package in npm: https://www.npmjs.com/package/swiper

See this project in Snyk:
https://app.snyk.io/org/joshabar/project/d375c2e2-a7f8-4df9-95ad-ce585b869760?utm_source=github&utm_medium=referral&page=upgrade-pr
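Several of the issues the PR lists (the vm2, qs and wordwrap ones) are in transitive packages, so merging the PR only helps if the versions that actually resolve in the lockfile move. The script below is an added example, not part of the Snyk PR or of this repository: it reads a `package-lock.json` (lockfileVersion 2 or 3, which carry a `packages` map keyed by install path), checks every direct dependency from the PR's table against the "to" version as a floor, and reports the resolved version of every nested copy of the transitive packages named in the Snyk issue IDs. The patched versions of those transitive packages are not stated on the page, so the script reports them for comparison against the advisories rather than judging them. The lockfile fragment in `SAMPLE_LOCK` is constructed for illustration.

```javascript
// Added example: audit a package-lock.json against the version floors from
// the Snyk upgrade PR. Not project code; SAMPLE_LOCK below is constructed.

// Floors taken from the PR's "Versions" column (the "to" version of each row).
const FLOORS = {
  "body-parser": "1.20.2",
  "chart.js": "4.4.4",
  cloudinary: "1.41.3",
  dotenv: "16.4.5",
  ejs: "3.1.10",
  express: "4.19.2",
  "express-session": "1.18.0",
  formidable: "2.1.2",
  mongodb: "4.17.2",
  mongoose: "6.13.0",
  passport: "0.7.0",
  swiper: "8.4.7",
};

// Transitive packages named by the Snyk issue IDs in the PR. The page does not
// state their patched versions, so they are reported, not judged.
const WATCH = ["qs", "wordwrap", "vm2"];

// Compare two plain x.y.z version strings; returns -1, 0 or 1.
// Assumption: no prerelease or build suffixes (true for the versions above).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Package name from a lockfile "packages" key, e.g.
// "node_modules/body-parser/node_modules/qs" -> "qs",
// "node_modules/@scope/pkg" -> "@scope/pkg".
function packageName(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? key : key.slice(idx + "node_modules/".length);
}

// Walk every resolved package (top-level and nested) and return findings:
//   below   - packages from FLOORS that resolved below the PR's target version
//   watched - every copy of a WATCH package, with its install path and version
function auditLockfile(lock) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 (packages map)");
  const below = [];
  const watched = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (key === "") continue; // the root project entry
    const name = packageName(key);
    if (FLOORS[name] && compareVersions(entry.version, FLOORS[name]) < 0) {
      below.push({ name, path: key, version: entry.version, floor: FLOORS[name] });
    }
    if (WATCH.includes(name)) {
      watched.push({ name, path: key, version: entry.version });
    }
  }
  return { below, watched };
}

// Constructed lockfile fragment: express and body-parser already at the PR
// targets, ejs still on the old version, and a nested qs under body-parser.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/express": { version: "4.19.2" },
    "node_modules/ejs": { version: "3.1.8" },
    "node_modules/body-parser": { version: "1.20.2" },
    "node_modules/body-parser/node_modules/qs": { version: "6.11.0" },
    "node_modules/passport": { version: "0.7.0" },
  },
};

// Usage: node audit-lock.js [path/to/package-lock.json]; defaults to SAMPLE_LOCK.
if (typeof require !== "undefined" && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  const { below, watched } = auditLockfile(lock);
  for (const f of below) console.log(`BELOW FLOOR ${f.path}: ${f.version} < ${f.floor}`);
  for (const w of watched) console.log(`CHECK ADVISORY ${w.path}: ${w.version}`);
  process.exitCode = below.length ? 1 : 0;
}
```

Run it against the real lockfile after merging; a non-zero exit means a direct dependency did not reach the PR's target version (for example because a caret range in `package.json` was edited but `npm install` was not re-run). The `CHECK ADVISORY` lines are the nested copies you still have to compare against the vm2, qs and wordwrap advisories by hand, since upgrading a direct dependency does not guarantee that every nested copy of its transitive dependencies moved.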

vercel bot commented Sep 16, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Updated (UTC) |
|---|---|---|
| atbmhttt-ssrf-web-demo | ✅ Ready | Sep 16, 2024 8:39am |
| fbfood-is335-demo | ✅ Ready | Sep 16, 2024 8:39am |
