Skip to content

[Snyk] Fix for 1 vulnerabilities#66

Open
ebarahona wants to merge 1 commit intomasterfrom
snyk-fix-e1f822572ec392271646db8634334d62
Open

[Snyk] Fix for 1 vulnerabilities#66
ebarahona wants to merge 1 commit intomasterfrom
snyk-fix-e1f822572ec392271646db8634334d62

Conversation

@ebarahona
Copy link
Owner

@ebarahona ebarahona commented Apr 15, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: knex The new version differs by 250 commits.
  • 40c80b3 release 0.11.0
  • 415d008 Prepare for 0.11.0
  • 8a303f1 Merge pull request #1342 from h0vhannes/mssql-conn-urls
  • 9903e7d Merge pull request #1372 from mdrmuhaimin/patch-1
  • 4d88e1d Update package.json to use latest node-postures
  • d990708 Merge pull request #1362 from wolfgang42/mssql-fixes
  • a7f609a mssql dialect: Fix integration tests that check for quoted wrappers.
  • aa3c1c2 mssql dialect: make createTableIfNotExists actually work.
  • 85403e8 Merge pull request #1343 from wubzz/bugfix/pool.ping_for_mssql
  • 14eca7a Fix MSSQL ping function, calling resource.request().query instead of resource.query.
  • 8e41a33 Add parse URL connection string tests for MSSQL
  • e49b0d4 Correct connection URL parsing for MSSQL
  • 1f09df8 Merge pull request #1296 from wubzz/default_pool_ping_fn_and_rollback_handler
  • a223858 Increase rollback timeout to 5secs
  • abfff60 Update documentation regarding default `ping` function.
  • fa12571 A default `ping` fn in default pool settings, and silently ignore errors when querying 'ROLLBACK' on a dead connection by using Promise.Timeout.
  • a104cc0 Merge pull request #1315 from wubzz/bugfix/missing_error_event_for_mysql2
  • bb9663f Merge pull request #1326 from wubzz/bugfix/renameCol_drops_default_value
  • d3b1fcc Fixed test, forgot ES6 is not supported in the test suite.
  • 0b45356 .renameColumn should not drop defaultValue or nullable state. Currently this happens for mysql. Fixes #933
  • 2fad6d1 Mysql2 should also listen to 'error' events.
  • b8c8572 Merge pull request #1313 from jurko-gospodnetic/code-cleanup
  • 34d9a76 Merge pull request #1269 from wubzz/bugfix/fix_valuesForUndefined_actual_query
  • e9ebf6f touch up wording in warning message about manually removing migration locks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
f08be14 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ebarahona @snyk-bot