Skip to content

[Snyk] Fix for 1 vulnerabilities#44

Open
enterstudio wants to merge 1 commit into
masterfrom
snyk-fix-76441af8404e9e685a7e1e628c5f549f
Open

[Snyk] Fix for 1 vulnerabilities#44
enterstudio wants to merge 1 commit into
masterfrom
snyk-fix-76441af8404e9e685a7e1e628c5f549f

Conversation

@enterstudio

@enterstudio enterstudio commented Apr 16, 2024

Copy link
Copy Markdown
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bookshelf The new version differs by 250 commits.
  • 3afecc4 Prepare for release
  • a81945a Merge pull request #1305 from tgriesser/feature/gh-pages-script
  • b497ce0 Remove test from `prepublish`.
  • ea66c18 Try to fix tests
  • 1822e74 Add postpublish script to tag and push
  • 96b7668 gh-pages script
  • ab426d9 Update changelog for next release
  • 6a77562 Merge pull request #1287 from acburdine/lodash-4
  • 4c7212f update changelog
  • 12c9af8 cleanup extend function and super method calls
  • 937eb59 deps: lodash@4.13.1
  • 619414c Merge pull request #1294 from chamini2/registry
  • bb8300f Changed registry plugin to re-implement only the _relation method
  • 0124c0b Merge pull request #1288 from vellotis/fix-beolngs_to_many-jsdocs
  • 4f48a7f Fix belongsToMany jsdocs
  • 54c2237 Merge pull request #1279 from 1mike12/1mike12-patch-1
  • e92f5f4 fix typo in docs
  • adeccde Merge pull request #1273 from vellotis/fix-linter-warnings
  • 637ea90 Merge pull request #1271 from vellotis/restore-postinstall-script
  • a099e98 Remove two linter warnings
  • 382f2c4 Fix Travis CI by restoring `postinstall` script in package.json
  • 89b888c Merge pull request #1107 from gergelyke/master
  • cbb8fef Merge pull request #1268 from jadengore/fix/documentation-model-where
  • 1182485 Add missing fetch() in Model#where

See the full diff

Package name: knex The new version differs by 250 commits.
  • 40c80b3 release 0.11.0
  • 415d008 Prepare for 0.11.0
  • 8a303f1 Merge pull request #1342 from h0vhannes/mssql-conn-urls
  • 9903e7d Merge pull request #1372 from mdrmuhaimin/patch-1
  • 4d88e1d Update package.json to use latest node-postures
  • d990708 Merge pull request #1362 from wolfgang42/mssql-fixes
  • a7f609a mssql dialect: Fix integration tests that check for quoted wrappers.
  • aa3c1c2 mssql dialect: make createTableIfNotExists actually work.
  • 85403e8 Merge pull request #1343 from wubzz/bugfix/pool.ping_for_mssql
  • 14eca7a Fix MSSQL ping function, calling resource.request().query instead of resource.query.
  • 8e41a33 Add parse URL connection string tests for MSSQL
  • e49b0d4 Correct connection URL parsing for MSSQL
  • 1f09df8 Merge pull request #1296 from wubzz/default_pool_ping_fn_and_rollback_handler
  • a223858 Increase rollback timeout to 5secs
  • abfff60 Update documentation regarding default `ping` function.
  • fa12571 A default `ping` fn in default pool settings, and silently ignore errors when querying 'ROLLBACK' on a dead connection by using Promise.Timeout.
  • a104cc0 Merge pull request #1315 from wubzz/bugfix/missing_error_event_for_mysql2
  • bb9663f Merge pull request #1326 from wubzz/bugfix/renameCol_drops_default_value
  • d3b1fcc Fixed test, forgot ES6 is not supported in the test suite.
  • 0b45356 .renameColumn should not drop defaultValue or nullable state. Currently this happens for mysql. Fixes #933
  • 2fad6d1 Mysql2 should also listen to 'error' events.
  • b8c8572 Merge pull request #1313 from jurko-gospodnetic/code-cleanup
  • 34d9a76 Merge pull request #1269 from wubzz/bugfix/fix_valuesForUndefined_actual_query
  • e9ebf6f touch up wording in warning message about manually removing migration locks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
b1d930c 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@enterstudio @snyk-bot