Skip to content
This repository has been archived by the owner on Nov 27, 2020. It is now read-only.

[Snyk] Security upgrade dynamoose from 1.11.1 to 2.0.0 #160

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade dynamoose from 1.11.1 to 2.0.0 #160

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-OBJECTPATH-1017036		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: dynamoose The new version differs by 250 commits.
  • 147b90f Merge pull request #841 from dynamoose/version/2.0.0
  • 189ac96 Adding changelog for 2.0.0
  • 0e67bd9 Bumping version to 2.0.0
  • 6b6b0e9 Fixing publish error on latest
  • 829304b Updating README branch strategy
  • 28450c2 Removing breaking changes list
  • 6222448 Fixing issue where deleting branch wouldn鈥檛 work
  • 3b1d99d Fixing NPM polling for release
  • 5801150 Merge pull request #838 from dynamoose/version/2.0.0-beta.12
  • 5485177 Bumping version to 2.0.0-beta.12
  • c11e0f4 Merge pull request #831 from dynamoose/readmeUpdates
  • a33a863 Updating README
  • bb6d7d1 Merge branch 'master' into readmeUpdates
  • ba9ab74 Merge pull request #837 from dynamoose/projectUpdates
  • 59577aa Merge branch 'master' into projectUpdates
  • e1f5e21 Merge pull request #834 from dynamoose/documentRetrieverFix
  • 3d18b42 Adding more detail to contributing guidelines
  • a989a3f Adding link to documentation for v1
  • 0597113 Updating organization name from dynamoosejs to dynamoose
  • c0b802c Changing dynamoose.undefined to dynamoose.UNDEFINED
  • e38ed03 Updating dependencies
  • 4336a25 Merge branch 'master' into documentRetrieverFix
  • a286d1c Merge pull request #835 from dynamoose/updateFixes
  • 49ab53b Updating documentation for model update

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot