[Snyk] Upgrade: @babel/runtime, ajv, archiver, dayjs, dockerode, dotenv, express, express-rate-limit, express-validator, file-type, helmet, http-status, joi, mongoose, papaparse, passport, passport-jwt, redis, swagger-ui-express, winston #990
base: master
Snyk has created this PR to upgrade:
- @babel/runtime from 7.18.6 to 7.25.0. See this package in npm: https://www.npmjs.com/package/@babel/runtime
- ajv from 8.11.0 to 8.17.1. See this package in npm: https://www.npmjs.com/package/ajv
- archiver from 5.3.1 to 5.3.2. See this package in npm: https://www.npmjs.com/package/archiver
- dayjs from 1.11.3 to 1.11.13. See this package in npm: https://www.npmjs.com/package/dayjs
- dockerode from 3.3.2 to 3.3.5. See this package in npm: https://www.npmjs.com/package/dockerode
- dotenv from 16.0.1 to 16.4.5. See this package in npm: https://www.npmjs.com/package/dotenv
- express from 4.18.1 to 4.19.2. See this package in npm: https://www.npmjs.com/package/express
- express-rate-limit from 6.4.0 to 6.11.2. See this package in npm: https://www.npmjs.com/package/express-rate-limit
- express-validator from 6.14.2 to 6.15.0. See this package in npm: https://www.npmjs.com/package/express-validator
- file-type from 16.5.3 to 16.5.4. See this package in npm: https://www.npmjs.com/package/file-type
- helmet from 5.1.0 to 5.1.1. See this package in npm: https://www.npmjs.com/package/helmet
- http-status from 1.5.2 to 1.7.4. See this package in npm: https://www.npmjs.com/package/http-status
- joi from 17.6.0 to 17.13.3. See this package in npm: https://www.npmjs.com/package/joi
- mongoose from 6.4.1 to 6.13.0. See this package in npm: https://www.npmjs.com/package/mongoose
- papaparse from 5.3.2 to 5.4.1. See this package in npm: https://www.npmjs.com/package/papaparse
- passport from 0.6.0 to 0.7.0. See this package in npm: https://www.npmjs.com/package/passport
- passport-jwt from 4.0.0 to 4.0.1. See this package in npm: https://www.npmjs.com/package/passport-jwt
- redis from 4.1.0 to 4.7.0. See this package in npm: https://www.npmjs.com/package/redis
- swagger-ui-express from 4.4.0 to 4.6.3. See this package in npm: https://www.npmjs.com/package/swagger-ui-express
- winston from 3.8.0 to 3.14.2. See this package in npm: https://www.npmjs.com/package/winston

See this project in Snyk: https://app.snyk.io/org/florentinth/project/79b255c4-1eb2-4abe-b47a-e641ddfba5cb?utm_source=github&utm_medium=referral&page=upgrade-pr
package.json
@@ -32,49 +32,49 @@ | |||
}, | |||
"homepage": "https://github.com/FlorentinTh/LE2ML-API#readme", | |||
"dependencies": { | |||
"@babel/runtime": "^7.18.6", |
18.6
@@ -32,49 +32,49 @@ | |||
}, | |||
"homepage": "https://github.com/FlorentinTh/LE2ML-API#readme", | |||
"dependencies": { | |||
"@babel/runtime": "^7.18.6", | |||
"ajv": "^8.11.0", |
11.0
@@ -32,49 +32,49 @@ | |||
}, | |||
"homepage": "https://github.com/FlorentinTh/LE2ML-API#readme", | |||
"dependencies": { | |||
"@babel/runtime": "^7.18.6", | |||
"ajv": "^8.11.0", | |||
"@babel/runtime": "^7.25.0", |
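Review bot: Only package.json is shown here, and for `@babel/runtime` the old range `^7.18.6` already admitted 7.25.0, so raising the range alone does not guarantee that the new version is what gets installed. Regenerate and commit the lockfile in the same PR and have CI install from it, otherwise the fixes this upgrade is meant to bring in depend on whatever each environment last resolved.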
25.0
"@babel/runtime": "^7.18.6", | ||
"ajv": "^8.11.0", | ||
"@babel/runtime": "^7.25.0", | ||
"ajv": "^8.17.1", |
17.1
"ajv-formats": "^2.1.1", | ||
"ajv-formats-draft2019": "^1.6.1", | ||
"archiver": "^5.3.1", |
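Review bot: `ajv-formats` and `ajv-formats-draft2019` stay at `^2.1.1` and `^1.6.1` in these context lines while `ajv` just above them moves to `^8.17.1`. Check that both plugins still resolve against the single upgraded `ajv` rather than a second nested copy, and run the schema validation tests before merging, since the ajv release notes quoted in this PR describe a switch of the URI library from uri-js to fast-uri.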
1
"readdirp": "^3.6.0", | ||
"redis": "^4.1.0", | ||
"redis": "^4.7.0", |
7
"serve-favicon": "^2.5.0", | ||
"spdy": "^4.0.2", | ||
"striplines": "^1.0.2", | ||
"swagger-ui-express": "^4.4.0", |
4.0
"serve-favicon": "^2.5.0", | ||
"spdy": "^4.0.2", | ||
"striplines": "^1.0.2", | ||
"swagger-ui-express": "^4.4.0", | ||
"swagger-ui-express": "^4.6.3", |
6.3
"uuid": "^8.3.2", | ||
"winston": "^3.8.0" |
8.0
"uuid": "^8.3.2", | ||
"winston": "^3.8.0" | ||
"winston": "^3.14.2" |
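Review bot: `winston` at the end of the dependencies block is the last of twenty range bumps made in this single hunk, which mixes the upgrades that close the listed Snyk issues with routine version catch-up. Splitting the security-relevant bumps into their own PR would make them quick to review and ship, and would keep a regression in any of the others from forcing a revert of the fixes.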
14.2
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@babel/runtime
from 7.18.6 to 7.25.0 | 40 versions ahead of your current version | 2 months ago
on 2024-07-26
ajv
from 8.11.0 to 8.17.1 | 8 versions ahead of your current version | 2 months ago
on 2024-07-12
archiver
from 5.3.1 to 5.3.2 | 1 version ahead of your current version | a year ago
on 2023-08-17
dayjs
from 1.11.3 to 1.11.13 | 10 versions ahead of your current version | 22 days ago
on 2024-08-20
dockerode
from 3.3.2 to 3.3.5 | 3 versions ahead of your current version | a year ago
on 2023-03-12
dotenv
from 16.0.1 to 16.4.5 | 19 versions ahead of your current version | 7 months ago
on 2024-02-20
express
from 4.18.1 to 4.19.2 | 5 versions ahead of your current version | 6 months ago
on 2024-03-25
express-rate-limit
from 6.4.0 to 6.11.2 | 13 versions ahead of your current version | a year ago
on 2023-09-12
express-validator
from 6.14.2 to 6.15.0 | 2 versions ahead of your current version | 2 years ago
on 2023-02-16
file-type
from 16.5.3 to 16.5.4 | 1 version ahead of your current version | 2 years ago
on 2022-07-21
helmet
from 5.1.0 to 5.1.1 | 1 version ahead of your current version | 2 years ago
on 2022-07-23
http-status
from 1.5.2 to 1.7.4 | 9 versions ahead of your current version | 7 months ago
on 2024-02-23
joi
from 17.6.0 to 17.13.3 | 27 versions ahead of your current version | 3 months ago
on 2024-06-19
mongoose
from 6.4.1 to 6.13.0 | 59 versions ahead of your current version | 3 months ago
on 2024-06-06
papaparse
from 5.3.2 to 5.4.1 | 2 versions ahead of your current version | a year ago
on 2023-03-23
passport
from 0.6.0 to 0.7.0 | 1 version ahead of your current version | 9 months ago
on 2023-11-27
passport-jwt
from 4.0.0 to 4.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-12-24
redis
from 4.1.0 to 4.7.0 | 24 versions ahead of your current version | a month ago
on 2024-07-29
swagger-ui-express
from 4.4.0 to 4.6.3 | 5 versions ahead of your current version | a year ago
on 2023-05-05
winston
from 3.8.0 to 3.14.2 | 12 versions ahead of your current version | a month ago
on 2024-08-14
Issues fixed by the recommended upgrade:
SNYK-JS-FILETYPE-2958042
SNYK-JS-IP-6240864
SNYK-JS-MONGOOSE-2961688
SNYK-JS-MONGOOSE-5777721
SNYK-JS-EXPRESS-6474509
SNYK-JS-IP-7148531
SNYK-JS-MONGODB-5871303
SNYK-JS-SIDEWAYFORMULA-3317169
Release notes
Package name: @babel/runtime
v7.25.0 (2024-07-26)
Thanks @davidtaylorhq and @slatereax for your first PR!
You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.
👓 Spec Compliance
- babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  - `await using` normative updates (@JLHwung)
- babel-plugin-transform-typescript
🚀 New Feature
- babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
  - `ensureFunctionName` to `NodePath.prototype` (@nicolo-ribaudo)
- babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
  - `hoistVariables` to `Scope.prototype` (@nicolo-ribaudo)
- babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
  - `splitExportDeclaration` to `NodePath.prototype` (@nicolo-ribaudo)
- babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
  - `environment-visitor` helper into `@babel/traverse` (@nicolo-ribaudo)
- babel-core, babel-parser
  - `.extra.async` (@nicolo-ribaudo)
- babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
  - `bugfix-safari-class-field-initializer-scope` (@davidtaylorhq)
- babel-plugin-transform-block-scoping, babel-traverse, babel-types
  - `NodePath#getAssignmentIdentifiers` (@JLHwung)
- babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
  - `uncheckedRequire` option for JSON imports to CJS (@nicolo-ribaudo)
- babel-helper-transform-fixture-test-runner, babel-node
  - `babel-node --eval` (@slatereax)
- babel-compat-data, babel-helper-create-regexp-features-plugin, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-preset-env, babel-standalone
  - `duplicate-named-capturing-groups-regex` to `preset-env` (@JLHwung)
🐛 Bug Fix
- babel-generator
- babel-template, babel-types
🏠 Internal
- babel-generator
  - `(` before ambiguous tokens (@nicolo-ribaudo)
- babel-helper-function-name, babel-plugin-transform-arrow-functions, babel-plugin-transform-function-name, babel-preset-env, babel-traverse
  - `helper-function-name` logic (@nicolo-ribaudo)
🏃‍♀️ Performance
- babel-parser, babel-plugin-proposal-pipeline-operator
🔬 Output optimization
- babel-plugin-transform-classes
  - `assertThisInitialized` (@liuxingbaoyu)
- babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-object-super, babel-plugin-transform-private-methods, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  - `super.x` output (@liuxingbaoyu)
- babel-plugin-transform-class-properties, babel-plugin-transform-classes
Committers: 6
v7.24.8 (2024-07-11)
Thanks @H0onnn, @jkup and @SreeXD for your first pull requests!
👓 Spec Compliance
- babel-parser
  - `declare` (@liuxingbaoyu)
🐛 Bug Fix
- babel-generator
  - `in` in `for` heads (@nicolo-ribaudo)
  - `await using` (@nicolo-ribaudo)
- babel-parser
  - `using` declarations (@H0onnn)
  - `.value: undefined` to regexp literals (@liuxingbaoyu)
- babel-types
  - `ObjectTypeInternalSlot` visitor keys (@nicolo-ribaudo)
- babel-plugin-transform-typescript
  - `export import x =` (@liuxingbaoyu)
💅 Polish
- babel-generator
  - `async` in `for await` (@nicolo-ribaudo)
- babel-traverse
  - `Scope.globals` multiple times (@liuxingbaoyu)
Committers: 9
v7.24.7 (2024-06-05)
🐛 Bug Fix
- babel-node
- babel-traverse
  - `constantViolations` with destructuring (@liuxingbaoyu)
- babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  - `using` in `switch` correctly (@liuxingbaoyu)
🏠 Internal
- babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
Committers: 7
v7.24.6 (2024-05-24)
Thanks @amjed-98, @blakewilson, @coelhucas, and @SukkaW for your first PRs!
🐛 Bug Fix
- babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
- babel-core, babel-generator, babel-plugin-transform-modules-commonjs
- babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
- babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
- babel-parser, babel-plugin-transform-typescript
  - `cls.fn<C> = x` (@liuxingbaoyu)
🏠 Internal
- babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
- babel-helpers
  - `tsconfig.json` for `@babel/helpers/src/helpers` (@nicolo-ribaudo)
- babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
- babel-parser, babel-traverse
Committers: 9
v7.24.5 (2024-04-29)
Thanks @romgrk and @sossost for your first PRs!
🐛 Bug Fix
- babel-plugin-transform-classes, babel-traverse
- babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
💅 Polish
- babel-parser
  - `using` declaration (@JLHwung)
🏠 Internal
- babel-parser
  - `@babel/parser` AST types (@nicolo-ribaudo)
  - `.startNode` (@nicolo-ribaudo)
- babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  - `NodePath<T | U>` distributive (@nicolo-ribaudo)
- babel-plugin-proposal-partial-application, babel-types
  - `JSXNamespacedName` from valid `CallExpression` args (@nicolo-ribaudo)
- babel-plugin-transform-class-properties, babel-preset-env
🏃‍♀️ Performance
- babel-helpers, babel-preset-env, babel-runtime-corejs3
  - `objectWithoutPropertiesLoose` on V8 (@romgrk)
Committers: 6
Package name: ajv
What's Changed
Full Changelog: v8.17.0...v8.17.1
Plus everything in 8.17.0 which failed to release
The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.
Revert "Revert fast-uri change (#2444)" by @gurgunday in #2448
fix: ignore new eslint error for @typescript-eslint/no-extraneous-class by @jasoniangreen in #2455
docs: clarify behaviour of addVocabulary by @jasoniangreen in #2454
docs: refactor to improve legibility by @blottn in #2432
Fix grammatical typo in managing-schemas.md by @wetneb in #2305
docs: Fix broken strict-mode link by @alexanderjsx in #2459
feat: add test for encoded refs and bump fast-uri by @jasoniangreen in #2449
fix: changes for @typescript-eslint/array-type rule by @jasoniangreen in #2467
fixes #2217 - clarify custom keyword naming by @jasoniangreen in #2457
What's Changed
Full Changelog: v8.15.0...v8.16.0
What's Changed
`uri-js` with `fast-uri` by @vixalien in #2415
New Contributors
Full Changelog: v8.14.0...v8.15.0
What's Changed
New Contributors
Full Changelog: v8.13.0...v8.14.0
Update dependencies
Export ValidationError and MissingRefError (#1840, @dannyb648)
Update dependencies
Export ValidationError and MissingRefError (#1840, @dannyb648)
Use root schemaEnv when resolving references in oneOf (#1901, @asprouse)
Only use equal function in generated code when it is used (#1922, @bhvngt)
Package name: archiver
What’s changed
Dependency updates