Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 5 vulnerabilities #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 718/1000
Why? Currently trending on Twitter, Recently disclosed, Has a fix available, CVSS 7.7
Improper Input Validation
SNYK-JS-JSONWEBTOKEN-3180020
Yes No Known Exploit
critical severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8
Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022
Yes No Known Exploit
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5
Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024
Yes No Known Exploit
medium severity 626/1000
Why? Recently disclosed, Has a fix available, CVSS 6.8
Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026
Yes No Known Exploit
high severity 751/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.6
SQL Injection
SNYK-JS-KNEX-3175610
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: hapi-auth-jwt2 The new version differs by 135 commits.

See the full diff

Package name: knex The new version differs by 250 commits.
  • 3475d81 Prepare to release 2.4.0
  • e97f922 Bump tsd from 0.24.1 to 0.25.0 (#5396)
  • e145322 1227: add assertion for basic where clause values (#5417)
  • 962bb0a Bump sinon from 14.0.2 to 15.0.1 (#5413)
  • ab45314 Add JSDoc (TS Flavour) to mjs stub file (#5390)
  • 72bd1f7 Fix: orWhereJson (#5361)
  • 4fc939a Fixes unexpected max acquire-timeout (#5377)
  • 5c4837c Fix lib/.gitignore path separator on Windows. (#5325)
  • 7dbbd00 Bump actions/setup-node from 3.4.1 to 3.5.1 (#5356)
  • d39051f fix: add missing type for 'expirationChecker' on PgConnectionConfig (#5334)
  • f7ccde8 Make compiling SQL in error message optional (#5282)
  • 82610ca Bump tsd from 0.23.0 to 0.24.1 (#5329)
  • cb5be88 Bump typescript from 4.8.2 to 4.8.3 (#5324)
  • dc6dbbf fix: insert array into json column (#5321)
  • 864530c feat: support partial unique indexes (#5316)
  • 6bed5e9 Fix changing the default value of a boolean column in SQLite (#5319)
  • f52b2c5 Merge remote-tracking branch 'origin/master'
  • 05c4707 Prepare to release 2.3.0
  • 13b61c0 Update dependencies (#5317)
  • 97fccdf Explicit jsonb support for custom pg clients (#5201)
  • 1cc1df9 chore: remove bindingHolder for proper scoping (#5235)
  • e0c0fa9 Implement mapBinding mssql dialect option (#5292)
  • 29283a1 Bump tsd from 0.22.0 to 0.23.0 (#5314)
  • 57692d3 Infer specific column value type in aggregations (#5297)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm
🦉 SQL Injection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant