Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade loopback from 2.22.0 to 3.28.0 #406

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

ninadhatkar
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • appengine/loopback/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-NODEMAILER-6219989
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: loopback The new version differs by 250 commits.
  • a22d4f9 3.28.0
  • 223dd5d Merge pull request #4338 from achrinzafork/chore/update-module-lts-node14
  • fbd9783 Merge pull request #4340 from strongloop/upgrade-nodemailer
  • 6f04b61 upgrade nodemailer to greater than 6.4.16
  • ab3e159 chore: sync LoopBack 4 with Node.js v14 EOL
  • 5b61efb Merge pull request #4334 from strongloop/travis
  • e457e26 chore: add Node.js 14 to travis
  • ab2e462 Merge pull request #4318 from strongloop/bajtos-patch-1
  • f2f7332 Remove "major" and "p1" from stalebot
  • 06fcaa1 3.27.0
  • d929b57 Merge pull request #4315 from strongloop/feat/maintenance-lts
  • 58f6545 Update LTS status in README
  • cdf48b6 Merge pull request #4303 from strongloop/copyright
  • f788aae chore: update copyright year
  • 6a7fc52 Merge pull request #4290 from sujeshthekkepatt/fix/hasone-relation-error-message
  • b93187b feat: change hasone relation error message
  • 2db09a3 Merge pull request #4281 from strongloop/chore/improve-issue-templates
  • 4edcc4f chore: disable security issue reporting
  • b848bd9 Merge pull request #4283 from strongloop/fix-comma-dangle
  • aa76a19 chore: fix eslint violations
  • f2f0b3a Merge pull request #4267 from strongloop/update-dev-deps
  • 82cd668 fixup! manual fixes
  • 397d141 fixup! eslint --fix .
  • aec86cc chore: update eslint & eslint-config to latest

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants