New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade mqtt from 4.2.6 to 4.3.7 #23

Closed

netroy wants to merge 1 commit into master from snyk-upgrade-217a44535c904837ed3e582839e11393

Owner

netroy commented Mar 21, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mqtt from 4.2.6 to 4.3.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 10 versions ahead of your current version.
The recommended version was released a year ago, on 2022-03-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mqtt

4.3.7 - 2022-03-16
What's Changed
- fix: fix regression from #1401 and allow CI test failures to break gitthub workflow by @ BertKleewein in #1443
Full Changelog: v4.3.6...v4.3.7
4.3.6 - 2022-02-17
- bump version and update changelog
4.3.5 - 2022-02-07
What's Changed
- chore: update readme about master by @ YoDaMa in #1399
- fix drain leak by @ BertKleewein in #1401
- release: 4.3.5 by @ YoDaMa in #1414
New Contributors
- @ BertKleewein made their first contribution in #1401
Full Changelog: v4.3.4...v4.3.5
4.3.4 - 2022-01-06
What's Changed
- Migrate LruMap from collections to lru-cache. by @ redboltz in #1396
- release(1.6.2022): 4.3.4 by @ YoDaMa in #1397
Full Changelog: v4.3.3...v4.3.4
4.3.3 - 2022-01-05
What's Changed
- Removed collections.js dependency from number-allocator. by @ redboltz in #1394
- Fix #1372. by @ redboltz in #1393
- release(1.5.2022): 4.3.3 by @ YoDaMa in #1395
Full Changelog: v4.3.2...v4.3.3
4.3.2 - 2021-12-29
What's Changed
- Updated collections.js related package version. by @ redboltz in #1386
- release: 4.3.2 by @ YoDaMa in #1388
Full Changelog: v4.3.1...v4.3.2
4.3.1 - 2021-12-24
What's Changed
- fix(dependencies): remove babel-eslint by @ YoDaMa in #1383
- release: 4.3.1 by @ YoDaMa in #1384
Full Changelog: v4.3.0...v4.3.1
4.3.0 - 2021-12-22
Read more
4.2.8 - 2021-06-21
This release is a patch update bugfixes.

📚 PR:
Fix ws vulnerability and typescript bug (#1292)
4.2.7 - 2021-06-21
4.2.6 - 2020-11-25

from mqtt GitHub release notes

Commit messages

Package name: mqtt

7670d61 bump version
accd78e fix: fix regression from Bitwarden node n8n-io/n8n#1401 and allow CI test failures to break gitthub workflow (🐛 Fix bug with Google Drive node n8n-io/n8n#1443)
fe78288 release: 4.3.6 (make it possible to sort your added values n8n-io/n8n#1425)
f5ab1b5 fix: buffer is not defined in browser (embedding n8n within a django system n8n-io/n8n#1420)
fad8ad6 chores: update CI (replace some fallback values to match the value type n8n-io/n8n#1421)
28c4040 fix(types): connect function proper overloads for its parameters (🔖 Discord Node v2.0 n8n-io/n8n#1416)
9eb4c79 release: 4.3.5 (Stackby Integration n8n-io/n8n#1414)
7ec4b8f fix(sendPacket): drain leak (Bitwarden node n8n-io/n8n#1401)
4604b10 chore(README): add announcements (✨ Tapfiliate Node n8n-io/n8n#1399)
0a8e3b2 release(1.6.2022): 4.3.4 (add s and u flag support for regex n8n-io/n8n#1397)
5c67037 fix: migrate LruMap from collections to lru-cache. (⚡ Dynamic webhooks improvements n8n-io/n8n#1396)
b4925d0 release(1.5.2022): 4.3.3 (Running workflow twice causes $env to disappear second time n8n-io/n8n#1395)
58fb8df Fix(publish): call callback when messageId available (Add Deal description to Hubspot node n8n-io/n8n#1393)
ee75c32 fix: remove collections.js dependency from number-allocator. (export / import crashes n8n-io/n8n#1394)
f04c24b release: 4.3.2 (Add more valid file types to attachments. n8n-io/n8n#1388)
df89a2e fix(dependency): Updated collections.js related package version. (⚡ Add project field when creating a task n8n-io/n8n#1386)
aa443fc release: 4.3.1 (Fix Google Drive delete and share n8n-io/n8n#1384)
66d43d4 fix(dependencies): remove babel-eslint and update snazzy (🎨 small webhook refactorings n8n-io/n8n#1383)
b5d8c72 release: 4.2.8 (Added logging to n8n n8n-io/n8n#1381)
d5850b7 feat(client): auth handler for enhanced auth (Strange Date/Timezone Bug is misleading in IF-Node n8n-io/n8n#1380)
06f2fd2 feat: add support for ALPN TLS extension (⚡️ Introduce FE external hooks n8n-io/n8n#1332)
8de9394 fix(type): add properties type for IClientSubscribeOptions (✨ Add TimescaleDB node n8n-io/n8n#1378)
e1aa949 chore: var to let/const and audit dev dependencies (Add support for Todoist sections n8n-io/n8n#1374)
2679952 fix(tls): Skip TLS SNI if host is IP address (feature/mautic-extended n8n-io/n8n#1311)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade mqtt from 4.2.6 to 4.3.7

c96b2b5

Snyk has created this PR to upgrade mqtt from 4.2.6 to 4.3.7.

See this package in npm:
https://www.npmjs.com/package/mqtt

See this project in Snyk:
https://app.snyk.io/org/janober/project/9a9ee6e0-4f58-4619-b669-dd5801cb62ea?utm_source=github&utm_medium=referral&page=upgrade-pr

netroy closed this

netroy deleted the snyk-upgrade-217a44535c904837ed3e582839e11393 branch

March 28, 2023 11:06

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet