Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade bcrypt from 5.0.0 to 5.0.1 #16

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade bcrypt from 5.0.0 to 5.0.1 #16

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Aug 8, 2021

Snyk has created this PR to upgrade bcrypt from 5.0.0 to 5.0.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 5 months ago, on 2021-02-26.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 481/1000
Why? Recently disclosed, CVSS 8.2		 No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 481/1000
Why? Recently disclosed, CVSS 8.2		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 481/1000
Why? Recently disclosed, CVSS 8.2		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: bcrypt
  • 5.0.1 - 2021-02-26

    Update node-pre-gyp to 1.0.0

  • 5.0.0 - 2020-06-08
    • Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
      It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
      was unsuccessful.
    • Experimental support for z/OS
    • Fix a bug related to NUL in password input
    • Update node-pre-gyp to 0.15.0
from bcrypt GitHub release notes
Commit messages
Package name: bcrypt
  • 2f124bd Fix artifact upload path
  • 10eacf5 Prepare v5.0.1
  • 6eacfe1 Merge pull request #856 from kelektiv/update-deps
  • feb477c Update node-pre-gyp to 1.0.0
  • 42c8b0c Merge pull request #852 from kelektiv/update-deps
  • bafefc3 Update packages
  • 7c5d8df Merge pull request #851 from recrsn/node-15-ci
  • 1ba55f9 Add Node 15 to CI
  • 19c06c1 Update Node version compatibility info
  • 09cb4fc Merge pull request #825 from dogon11/patch-1
  • 2821c03 Merge pull request #811 from techhead/use_buffers
  • 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
  • 984ef18 remove reference to $2y$ algo identifier
  • 630c897 fixes: #828
  • 0f93284 README.md typo fix
  • 4125ebc Update README.md
  • f503e57 Create SECURITY.md
  • f158e6e Allow optional use of Node Buffers.
  • 8866277 Deploy on any travis tag

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot