This repository has been archived by the owner on Aug 30, 2024. It is now read-only.

[Snyk] Fix for 2 vulnerabilities #91

Open: wants to merge 1 commit into base: main

Fadyio (Owner) commented Nov 25, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • backend/package.json
    • backend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Server-side Request Forgery (SSRF), SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
| medium severity | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Prototype Pollution, SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: passport-auth0
The new version differs by 37 commits.
  • 3fe9208 Release v1.4.1 (#147)
  • 7e5bd48 Fix build status badge (#145)
  • 1aaf257 [SDK-2811] Replace request with axios (#144)
  • 53dc43e Run CI on Node 12, 14 and 16 (#143)
  • 45a3d21 Run npm audit fix (#142)
  • 3feaf0f fix: upgrade request from 2.88.0 to 2.88.2 (#140)
  • 4927efb fix: upgrade passport-oauth2 from 1.5.0 to 1.6.0 (#141)
  • fb0608d Merge pull request #139 from auth0/circleci-project-setup
  • ecec81e Migrate to CircleCI
  • 1920790 Update lock file - ajv (#138)
  • 7a672c8 Merge pull request #136 from auth0/add-templates
  • 77f1ec9 Update config.yml
  • 52b5dc7 Setup pull-request and issue templates
  • 8fd4b15 Merge pull request #135 from auth0/davidpatrick-patch-1
  • 684fbb6 README Update with Maintenance Advisory
  • f19e222 Merge pull request #134 from auth0/add-templates
  • f3b1214 update issue template config.yml
  • e7faa31 Setup pull-request and issue templates
  • 97da27d Merge pull request #133 from auth0/add-codeowners-eng
  • 81ce782 Setup the CODEOWNERS for pull request reviews
  • 6b715cf Merge pull request #132 from auth0/release-1.4.0
  • 34c855a Release v1.4.0
  • c453513 Merge pull request #131 from alexbjorlig/allow-extra-params
  • 0b7f58e Merge branch 'master' into allow-extra-params

See the full diff

Package name: winston-loggly-bulk
The new version differs by 53 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution
