
[Snyk] Security upgrade sql-bricks from 2.0.4 to 3.0.0 #45

Open: wants to merge 1 commit into base: develop

snyk-bot commented Apr 1, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 596/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.5 | Arbitrary Code Injection, SNYK-JS-UNDERSCORE-1080984 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sql-bricks
The new version differs by 34 commits.
  • 5eb39fb 3.0.0
  • 4a195d1 Fixed outdated readme sentence re: dependencies
  • 038029a 3.0.0-beta.4
  • 3f544f1 Fixed findIndex bug introduced in 25f46ca68a, added regression test
  • 9fa50b3 3.0.0-beta.3
  • 96c6322 Merge pull request #127 from pgarrison/zero-dep
  • bb161a7 Make deepEqual actually recursive
  • 25f46ca Write findIndex with a for loop
  • 6441e75 remove console.log
  • 70351a6 review change
  • 9663def Update readme.md
  • 1a654bb Merge pull request #109 from paleo/master
  • 825a8c1 Merge pull request #111 from CSNW/npm-audit-20191022
  • bd4b80c remove underscore from sql-bricks codebase
  • e986895 update package.json so it uses mocha without npm audit issues
  • 087027d Create CONTRIBUTING.md
  • 11e5220 Create CODE_OF_CONDUCT.md
  • fa02672 Add TypeScript definitions
  • 8dd9b54 Update readme.md
  • 7936a44 3.0.0-beta.2
  • de68ce4 Updated docs
  • 6dba783 Added links to tamarzil's mysql-bricks
  • 6765001 Removed Node 4.x from Travis, since mocha requires the latest debug which doesn't support Node 4.x
  • 32c844f Merge pull request #106 from joelmukuthu/fix/nowait

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


sonarqubecloud bot commented Apr 1, 2022

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication
