This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

[Snyk] Security upgrade quickmongo from 3.0.2 to 4.0.0 #19

Merged

sandarutharuneth merged 1 commit into main from snyk-fix-b3d7cbb5d7848ef28eb709686139111d

Feb 5, 2023

Owner

sandarutharuneth commented Feb 5, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept

Commit messages

Package name: quickmongo

The new version differs by 42 commits.

47375cb Merge pull request #34 from DevSnowflake/v4
f7b9568 feat(collection): add export method
1e93d06 chore: bump dependencies
590d6e3 chore: update version
824e4bd docs: update description
cedbfb1 refactor(collection): make data structure compatible with old version
62ca2a9 test(collection): add missing tests
3abe010 feat(collection): add latency method
a3000d3 feat(collection): add pull method and corresponding tests
94f53d5 feat(collection): add push method and tests
249fbc4 docs: add description
e03e024 Merge main branch to v4
4b36527 docs: typedefs
f49eec1 docs: typedefs
1686e59 ci: add docgen
0c997c2 docs: setup docgen
c17eb10 test(collection): add more test cases
582e4c2 feat(collection): add drop, all and tests
aefdf2f chore: prettied
ae657a8 refactor: better validation
688c4b2 test: use test instead of it
192069a fix(collection): add error message
6ef0cdf test: fix beforeAll
14bf9e3 test: fix beforeAll

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn


          fix: package.json to reduce vulnerabilities

9e3d5ca

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688
- https://snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://snyk.io/vuln/SNYK-JS-MQUERY-1089718

sandarutharuneth merged commit 07bc20b into main

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.