[Snyk] Upgrade: , dotenv, express, express-rate-limit, google-auth-library, mongoose #127
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@cyclonedx/cyclonedx-npm
from 1.16.1 to 1.19.3 | 6 versions ahead of your current version | 2 months ago
on 2024-07-15
dotenv
from 16.4.1 to 16.4.5 | 4 versions ahead of your current version | 7 months ago
on 2024-02-20
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
express-rate-limit
from 7.1.5 to 7.4.0 | 4 versions ahead of your current version | 2 months ago
on 2024-07-23
google-auth-library
from 9.6.3 to 9.14.0 | 8 versions ahead of your current version | a month ago
on 2024-08-20
mongoose
from 8.1.1 to 8.6.0 | 26 versions ahead of your current version | 22 days ago
on 2024-08-28
Issues fixed by the recommended upgrade:
SNYK-JS-CYCLONEDXCYCLONEDXLIBRARY-6820989
SNYK-JS-EXPRESS-6474509
Release notes
Package name: @cyclonedx/cyclonedx-npm
Dependencies
@ cyclonedx/cyclonedx-library@^6.11.0
, was@^6.6.0
(via #1205)This was done to incorporate non-breaking upstream changes and fixes.
Build
v5.5.3
now, wasv5.4.5
(via #1201)What's Changed
@ cyclonedx/cyclonedx-library@^6.11.0
by @ jkowalleck in #1205[email protected]
by @ jkowalleck in #1206Full Changelog: v1.19.2...v1.19.3
Fixed
externalReference
s forvcs
type (#1198 via #1202)cdx:npm:package:path
's value on Windows systems (via #1203)What's Changed
Full Changelog: v1.19.0...v1.19.2
Changed
Added
Misc
hosted-git-info@^4||^5||^6||^7
(via #1191)This is also a transitive dependency via already existing direct dependency
normalize-package-data
.What's Changed
Full Changelog: v1.18.0...v1.19.0
Added
Misc
@ cyclonedx/cyclonedx-library@^6.6.0
, was@^6.5.0
(via #1183)What's Changed
Full Changelog: v1.17.0...v1.18.0
Added support for CycloneDX Specification-1.6.
Changed
Added
--spec-version
now supports value1.6
to reflect CycloneDX Specification-1.6 (via #1175)Default value for that option is unchanged - still
1.4
.Build
v5.4.5
now, wasv5.4.2
(via #1167)What's Changed
New Contributors
Full Changelog: v1.16.2...v1.17.0
Style
Build
v5.4.2
now, wasv5.3.3
(via #1160)What's Changed
Full Changelog: v1.16.1...v1.16.2
What's Changed
Full Changelog: v1.16.0...v1.16.1
Package name: dotenv
16.4.5
16.4.4
16.4.3
16.4.2
16.4.1
Package name: express
What's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors
Full Changelog: 4.18.2...4.18.3
Package name: express-rate-limit
You can view the changelog here.
Fixed
creationStack
validation check when a storewith
localKeys
set to false is used.creationStack
check.You can view the full changelog here.
Added
unsharedStore
validation check that identifies cases where asingle store instance is shared across multiple limiters.
You can view the full changelog here.
Added
creationStack
validation check that looks for instances createdin a request handler.
You can view the full changelog here.
Fixed
async
requestWasSuccessful
methods to work as documented.You can view the full changelog here.
Package name: google-auth-library
9.14.0 (2024-08-19)
Features
AnyAuthClient
type (#1843) (3ae120d)getClient
Requests (#1848) (243ce28)Bug Fixes
9.13.0 (2024-07-29)
Features
9.12.0 (2024-07-26)
Features
Bug Fixes
9.11.0 (2024-06-01)
Features
9.10.0 (2024-05-10)
Features
UserRefreshClient#fetchIdToken
(#1811) (ae8bc54)Bug Fixes
9.9.0 (2024-04-18)
Features