Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #226

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #226

wants to merge 1 commit into from

Conversation

oratory
Copy link
Collaborator

@oratory oratory commented Jun 21, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • backend/package.json
    • backend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bullmq The new version differs by 250 commits.
  • cd8ffa4 chore(release): 1.82.3 [skip ci]
  • acb69b5 fix(redis-connection): save cluster opts and coerse redis version (#1247) ref #1246 fixes #1243
  • 1e4e1bc docs(bullmq-pro): update changelog (#1244)
  • 5d77e15 chore(release): 1.82.2 [skip ci]
  • 4d7ae9e fix(job): add job helper attribute for extension (#1242)
  • 547a853 chore(release): 1.82.1 [skip ci]
  • 54df47e fix(remove-job): pass right prev param in removed event (#1237)
  • 87a16f0 refactor(scripts): create class instance to handle scripts call (#1240)
  • a0b179c chore(release): 1.82.0 [skip ci]
  • 59b0da7 feat(remove-repeatable): return boolean depending on job existence (#1239) ref #1235
  • a265398 docs(bullmq-pro): add version 2.0.3 changelog
  • fb1ece0 docs(bullmq-pro): add changelog (#1234)
  • 83465ff refactor(remove-jobs): remove timestamp param from removeJobsByMaxCount (#1233)
  • 7edc886 chore(release): 1.81.4 [skip ci]
  • 7d2de8d fix(repeatable): emit removed event when removing (#1229)
  • 6cc16d6 chore(release): 1.81.3 [skip ci]
  • e7b25d0 fix(remove-parent): check removed record from waiting-children (#1227)
  • c175c13 chore(release): 1.81.2 [skip ci]
  • 38486cb fix(stalled): consider removeOnFail when failing jobs (#1225) fixes #1171
  • 22fae96 chore(release): 1.81.1 [skip ci]
  • 564de4f fix(add-bulk): use for loop and throw if error is present (#1223) fixes #1222
  • b01db23 chore(release): 1.81.0 [skip ci]
  • 14f0e4a feat(move-to-delayed): allow passing token (#1213)
  • 3e995f6 docs: add missing read more sections

See the full diff

Package name: jsonwebtoken The new version differs by 17 commits.
  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
  • 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
  • 7e6a86b Upload OpsLevel YAML (#849)
  • 74d5719 docs: update references vercel/ms references (#770)
  • d71e383 docs: document "invalid token" error
  • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
  • a46097e docs: make decode impossible to discover before verify
  • 15a1bc4 refactor: make decode non-enumerable
  • 5f10bf9 docs: add jwtid to options of jwt.verify (#704)
  • 88cb9df Replace tilde-indexOf with includes (#647)
  • a6235fa Adds not to README on decoded payload validation (#646)
  • 5ed1f06 docs: fix tiny style change in readme (#622)
  • 9fb90ca style: add missing semicolon (#641)
  • a9e38b8 ci: use circleci (#589)

See the full diff

Package name: sharp The new version differs by 218 commits.
  • 1ff84b2 Release v0.29.3
  • 97655d2 Bump deps
  • d10d7b0 Docs: remove duplicate entry for mbklein (#2971)
  • 2ffdae2 Docs: changelog and credit for #2952
  • 342de36 Impute TIFF xres/yres from withMetadata({density})
  • b33231d Ensure correct dimensions when contain 1px image #2951
  • 319db21 Release v0.29.2
  • d359331 Remove animation props from single page images #2890
  • 7ae1513 Bump devDeps
  • 648a1e0 Throw error rather than exit for invalid binaries #2931
  • b9f211f Docs: changelog for #2918
  • e475d9e Improve error message on Windows for version conflict (#2918)
  • f37ca82 Bump deps
  • 1dd4be6 Add timeout function to limit processing time
  • 197d4cf Docs: changelog and credit for #2893
  • 83eed86 Docs: clarify prebuilt libc support on ARMv6/v7
  • bbf612c Replace use of deprecated util.inherits
  • 2679bb5 Allow use of 'tif' to select TIFF output (#2893)
  • 481e350 Ensure 'versions' is populated from vendored libvips
  • 50c7a08 Release v0.29.1
  • 9a0bb60 Bump deps
  • deb5d81 Docs: changelog entries for #2878 #2879
  • 916b04d Allow using speed 9 for AVIF/HEIC encoding (#2879)
  • 52307fa Resolve paths before comparing input/output destination (#2878)

See the full diff

Package name: tap The new version differs by 61 commits.
  • bc49fb7 15.0.0
  • 4378608 remove publishConfig beta tag
  • 2c2e75f provide mkdirRecursive polyfill for old node versions
  • 8f4c855 correctly specify 10.0.x versions
  • 5e61672 update deps
  • c44c418 Support 10.0 and test in CI
  • dc5c841 tcompare@5.0.4
  • 385b6d2 Add .taprc.yml/yaml handling to change log
  • 4f87466 just run regular test script as snap script
  • 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
  • 564e96f Add detection for .yaml and .yml
  • 75bae93 update cli doc
  • c1289bf 15.0.0-3
  • d6fe32f Do not CI on node 10
  • d2e0428 do not use equals() alias in self-test
  • 3f787c4 tell npm to be colorful in CI
  • 1512818 run tests with color on github actions
  • 4626fa1 Docs: update documentation for tap v15
  • 02d536b libtap@1.0.1
  • f7c7c58 update cli doc
  • 2aa497c 15.0.0-2
  • 8d7f62e Add support for overriding libtap's internal settings
  • 29eed63 new snapshot folder layout
  • 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@oratory @snyk-bot