If you are wondering where the data of this site comes from, please visit https://api.github.com/users/snyk-bot/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Snyk bot snyk-bot @Snyk https://snyk.io Snyk's bot, opens pull requests to fix known vulnerabilities in your dependencies. Check out https://snyk.io/ to learn more.

snyk-bot/nodejs-pubsub 1

Node.js client for Google Cloud Pub/Sub: Ingest event streams from anywhere, at any scale, for simple, reliable, real-time stream analytics.

snyk-bot/lighthouse 0

Automated auditing, performance metrics, and best practices for the web.

snyk-bot/nodejs-error-reporting 0

Node.js client for Stackdriver Error Reporting: Count, analyze and aggregate the crashes in your running cloud services.

snyk-bot/shallow-goof 0

This is a shallow repo that contains a single vuln (for demo purposes)

PR opened jmamaoag-crh/cicd-workshop-js

[Snyk] Security upgrade node from 15.10.0 to 15.11.0

Keeping your Docker base image up-to-date means you'll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • Dockerfile

We recommend upgrading to node:15.11.0, as this image has only 645 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| high severity | 614 | Information Exposure SNYK-DEBIAN9-LIBGCRYPT20-1297891 | No Known Exploit |
| high severity | 614 | Use After Free SNYK-DEBIAN9-LIBXML2-1277344 | No Known Exploit |
| high severity | 614 | Integer Overflow or Wraparound SNYK-DEBIAN9-OPENSSL-1075328 | No Known Exploit |
| critical severity | 714 | Buffer Overflow SNYK-DEBIAN9-PYTHON35-1063181 | No Known Exploit |
| high severity | 614 | NULL Pointer Dereference SNYK-DEBIAN9-SUBVERSION-1071813 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 2 minutes

PR opened bd0n4lds/contactless-cons-webapp

[Snyk] Upgrade com.fasterxml.jackson.datatype:jackson-datatype-json-org from 2.12.4 to 2.12.5

Snyk has created this PR to upgrade com.fasterxml.jackson.datatype:jackson-datatype-json-org from 2.12.4 to 2.12.5.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-27.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+1 -1

0 comment

1 changed file

pr created time in 3 minutes

PR opened bd0n4lds/contactless-cons-webapp

[Snyk] Upgrade com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.12.4 to 2.12.5

Snyk has created this PR to upgrade com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.12.4 to 2.12.5.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-27.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+1 -1

0 comment

1 changed file

pr created time in 3 minutes

PR opened bd0n4lds/contactless-cons-webapp

[Snyk] Upgrade org.hibernate:hibernate-core from 5.5.6 to 5.5.7.Final

Snyk has created this PR to upgrade org.hibernate:hibernate-core from 5.5.6 to 5.5.7.Final.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-25.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+1 -1

0 comment

1 changed file

pr created time in 3 minutes

PR opened ArthurRAmaral/projetodetisiv-america-locomotiva

[Snyk] Upgrade moment from 2.24.0 to 2.29.1

Snyk has created this PR to upgrade moment from 2.24.0 to 2.29.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 9 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-10-06.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+7 -2

0 comment

2 changed files

pr created time in 5 minutes

PR opened ArthurRAmaral/projetodetisiv-america-locomotiva

[Snyk] Upgrade @adonisjs/bodyparser from 2.0.9 to 2.3.0

Snyk has created this PR to upgrade @adonisjs/bodyparser from 2.0.9 to 2.3.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released 6 months ago, on 2021-03-26.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+63 -12

0 comment

2 changed files

pr created time in 5 minutes

PR opened ArthurRAmaral/projetodetisiv-america-locomotiva

[Snyk] Upgrade knex from 0.20.13 to 0.95.11

Snyk has created this PR to upgrade knex from 0.20.13 to 0.95.11.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 41 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-09-03.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+87 -74

0 comment

2 changed files

pr created time in 5 minutes

PR opened ArthurRAmaral/projetodetisiv-america-locomotiva

[Snyk] Upgrade aws-sdk from 2.674.0 to 2.983.0

Snyk has created this PR to upgrade aws-sdk from 2.674.0 to 2.983.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 312 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-09-03.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| high severity | Prototype Pollution SNYK-JS-AWSSDK-1059424 | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+10 -10

0 comment

2 changed files

pr created time in 5 minutes

PR opened ArthurRAmaral/bovespa-rabbitmq-arthurramaral-guilermegoa-rabbitmq

[Snyk] Upgrade amqp-connection-manager from 3.2.2 to 3.6.0

Snyk has created this PR to upgrade amqp-connection-manager from 3.2.2 to 3.6.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 13 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-27.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+9 -2

0 comment

2 changed files

pr created time in 6 minutes

PR opened kmr0877/zipline

[Snyk] Security upgrade python from 3.5 to 3.6.13

Keeping your Docker base image up-to-date means you'll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • Dockerfile

We recommend upgrading to python:3.6.13, as this image has only 389 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| high severity | 614 | Integer Overflow or Wraparound SNYK-DEBIAN10-OPENSSL-1075326 | No Known Exploit |
| critical severity | 714 | Buffer Overflow SNYK-DEBIAN10-OPENSSL-1569403 | No Known Exploit |
| high severity | 614 | Out-of-bounds Read SNYK-DEBIAN10-OPENSSL-1569406 | No Known Exploit |
| critical severity | 714 | Buffer Overflow SNYK-DEBIAN10-PYTHON37-1063182 | No Known Exploit |
| high severity | 614 | NULL Pointer Dereference SNYK-DEBIAN10-SUBVERSION-1071814 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 6 minutes

PR opened ArthurRAmaral/bovespa-rabbitmq-arthurramaral-guilermegoa-rabbitmq

[Snyk] Security upgrade @nestjs/common from 7.6.15 to 8.0.7

Snyk has created this PR to fix one or more vulnerable packages in the yarn dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • corretora/package.json
    • corretora/yarn.lock

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+21 -16

0 comment

2 changed files

pr created time in 6 minutes

PR opened ArthurRAmaral/projetodetisiv-america-locomotiva

[Snyk] Upgrade fs-extra from 9.0.0 to 9.1.0

Snyk has created this PR to upgrade fs-extra from 9.0.0 to 9.1.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 8 months ago, on 2021-01-19.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+11 -6

0 comment

2 changed files

pr created time in 6 minutes

PR opened ArthurRAmaral/bovespa-rabbitmq-arthurramaral-guilermegoa-rabbitmq

[Snyk] Security upgrade node from 15.11.0-alpine3.13 to 15-alpine3.13

Keeping your Docker base image up-to-date means you'll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • bolsa-de-valores/Dockerfile

We recommend upgrading to node:15-alpine3.13, as this image has only 3 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| critical severity | 500 | Out-of-bounds Read SNYK-ALPINE313-APKTOOLS-1533754 | No Known Exploit |
| high severity | 400 | Improper Certificate Validation SNYK-ALPINE313-OPENSSL-1089239 | No Known Exploit |
| high severity | 400 | Out-of-bounds Read SNYK-ALPINE313-OPENSSL-1569446 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE313-OPENSSL-1569448 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE313-OPENSSL-1569448 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 6 minutes

PR opened ArthurRAmaral/bovespa-rabbitmq-arthurramaral-guilermegoa-rabbitmq

[Snyk] Security upgrade node from 15.11.0-alpine3.13 to 15-alpine3.13

Keeping your Docker base image up-to-date means you'll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • corretora/Dockerfile

We recommend upgrading to node:15-alpine3.13, as this image has only 3 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| critical severity | 500 | Out-of-bounds Read SNYK-ALPINE313-APKTOOLS-1533754 | No Known Exploit |
| high severity | 400 | Improper Certificate Validation SNYK-ALPINE313-OPENSSL-1089239 | No Known Exploit |
| high severity | 400 | Out-of-bounds Read SNYK-ALPINE313-OPENSSL-1569446 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE313-OPENSSL-1569448 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE313-OPENSSL-1569448 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 7 minutes

PR opened ArthurRAmaral/bovespa-rabbitmq-arthurramaral-guilermegoa-rabbitmq

[Snyk] Security upgrade @nestjs/common from 7.6.15 to 8.0.7

Snyk has created this PR to fix one or more vulnerable packages in the yarn dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • bolsa-de-valores/package.json
    • bolsa-de-valores/yarn.lock

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+21 -16

0 comment

2 changed files

pr created time in 7 minutes

PR opened whiskels/TelegramNotifierBot

[Snyk] Upgrade com.slack.api:slack-api-client from 1.10.0 to 1.11.0

Snyk has created this PR to upgrade com.slack.api:slack-api-client from 1.10.0 to 1.11.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-25.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+1 -1

0 comment

1 changed file

pr created time in 10 minutes

PR opened Kamal1182/contactsManager

[Snyk] Upgrade tslib from 2.2.0 to 2.3.1

<h3>Snyk has created this PR to upgrade tslib from 2.2.0 to 2.3.1.</h3>

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-11.

<details> <summary><b>Release notes</b></summary> <br/>
<details> <summary>Package name: <b>tslib</b></summary>
<ul>
<li> <b>2.3.1</b> - <a href="https://snyk.io/redirect/github/microsoft/tslib/releases/tag/2.3.1">2021-08-11</a><br/><p>This release updates the <code>__spreadArray</code> helper for TypeScript 4.4 to correctly operate on collections that are not "concat-spreadable" such as the DOM's <code>NodeList</code>s and <code>HTMLCollection</code>s.</p> </li>
<li> <b>2.3.0</b> - <a href="https://snyk.io/redirect/github/microsoft/tslib/releases/tag/2.3.0">2021-06-11</a><br/><p>This release updates tslib to use TypeScript 4.4's upcoming <code>__spreadArray</code> helper which correctly preserves sparse array inputs (e.g. arrays containing "missing" elements like <code>[1, 2, , 4]</code>). This new version of <code>__spreadArray</code> is backwards-compatible and is often also faster. See <a href="https://snyk.io/redirect/github/microsoft/tslib/pull/151">#151</a> for more details.</p> </li>
<li> <b>2.2.0</b> - <a href="https://snyk.io/redirect/github/microsoft/tslib/releases/tag/2.2.0">2021-04-05</a><br/><p>This release supports TypeScript 4.3's new functionality for ECMAScript private methods and accessors, and private static class members.</p> <p>It does so by expanding the scope of <code>__classPrivateFieldGet</code> and <code>__classPrivateFieldSet</code>. See <a href="https://snyk.io/redirect/github/microsoft/tslib/pull/146">#146</a> for more details.</p> </li>
</ul>
from <a href="https://snyk.io/redirect/github/Microsoft/tslib/releases">tslib GitHub release notes</a>
</details>
</details>

<details> <summary><b>Commit messages</b></summary> <br/>
<details> <summary>Package name: <b>tslib</b></summary>
<ul>
<li><a href="https://snyk.io/redirect/github/microsoft/tslib/commit/251802eeddb5556f507595c624ee7792154ce9fc">251802e</a> Bump version to 2.3.1.</li>
<li><a href="https://snyk.io/redirect/github/microsoft/tslib/commit/ffb69384dc9b65285190d3cf500adb954fc7a022">ffb6938</a> Merge pull request #155 from microsoft/fixSpreadArrayForNonConcatSpreadables</li>
<li><a href="https://snyk.io/redirect/github/microsoft/tslib/commit/dc0616a9b5f5f453fb31429bbb77268c1a72ac60">dc0616a</a> Fix __spreadArray for non-concat-spreadables</li>
<li><a href="https://snyk.io/redirect/github/microsoft/tslib/commit/0b9301459c223140c9a01b4215cbbc1639a396ca">0b93014</a> Bump version to 2.3.0.</li>
<li><a href="https://snyk.io/redirect/github/microsoft/tslib/commit/1f2daa73835a2b13e4302455b5afc943c9ca50c5">1f2daa7</a> Update __spreadArray helper (#151)</li>
<li><a href="https://snyk.io/redirect/github/microsoft/tslib/commit/4f0f29bb9d94eb9b8e353d15f476c6f6b4537df2">4f0f29b</a> Merge pull request #142 from microsoft/orta-deploy-docs</li>
<li><a href="https://snyk.io/redirect/github/microsoft/tslib/commit/be5f805ed52018a20c1f1138d0ef6e1a64a1c2d4">be5f805</a> Update README.md</li>
</ul>

<a href="https://snyk.io/redirect/github/microsoft/tslib/compare/f7eea49789d7902f96802d37e674e75590f7eb66...251802eeddb5556f507595c624ee7792154ce9fc">Compare</a>
</details>
</details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs


+1 -1

0 comment

1 changed file

pr created time in 11 minutes

PR opened Kamal1182/contactsManager

[Snyk] Upgrade express-validator from 6.11.1 to 6.12.1

<h3>Snyk has created this PR to upgrade express-validator from 6.11.1 to 6.12.1.</h3>

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-07-23.

<details> <summary><b>Release notes</b></summary> <br/>
<details> <summary>Package name: <b>express-validator</b></summary>
<ul>
<li> <b>6.12.1</b> - <a href="https://snyk.io/redirect/github/express-validator/express-validator/releases/tag/v6.12.1">2021-07-23</a><br/>
<ul>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/pull/1061">#1061</a>, <a href="https://snyk.io/redirect/github/express-validator/express-validator/issues/1059">#1059</a> - allow using readonly arrays in TypeScript</li>
</ul> </li>
<li> <b>6.12.0</b> - <a href="https://snyk.io/redirect/github/express-validator/express-validator/releases/tag/v6.12.0">2021-06-14</a><br/>
<ul>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/issues/1047">#1047</a>, <a href="https://snyk.io/redirect/github/express-validator/express-validator/pull/1049">#1049</a> - make <code>withMessage</code> actually override a custom validator's message</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/issues/1026">#1026</a>, <a href="https://snyk.io/redirect/github/express-validator/express-validator/pull/1037">#1037</a> - add missing arguments of <code>isAlphanumeric</code></li>
</ul> </li>
<li> <b>6.11.1</b> - <a href="https://snyk.io/redirect/github/express-validator/express-validator/releases/tag/v6.11.1">2021-05-08</a><br/>
<ul>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/issues/1034">#1034</a>, <a href="https://snyk.io/redirect/github/express-validator/express-validator/pull/1035">#1035</a> - Fix publishing mistake with npm 7</li>
</ul> </li>
</ul>
from <a href="https://snyk.io/redirect/github/express-validator/express-validator/releases">express-validator GitHub release notes</a>
</details>
</details>

<details> <summary><b>Commit messages</b></summary> <br/>
<details> <summary>Package name: <b>express-validator</b></summary>
<ul>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/690cd636df27cd5d32ad4f0e3f6ca783d86f873f">690cd63</a> 6.12.1</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/4557793c7127ffabc771ee02ed5f61635abe681e">4557793</a> Use readonly arrays for validator options (#1061)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/5a29d11c56fb3f9dc1d6d5862075242f19dfad4c">5a29d11</a> npm: update to lockfile v2, remove coveralls</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/cbd5e1344f7100038ab2613fddfdd8e493ec2b58">cbd5e13</a> ci: add basic github actions workflow (#1066)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/cb7860fd57fedb467bf12e50c239a151e1d573d1">cb7860f</a> docs: fix typo in feature-running-imperatively.md (#1067)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/ba13bfd381237026bb758efd36ec09fc5bf54a1f">ba13bfd</a> chore(deps): bump prismjs from 1.23.0 to 1.24.0 (#1055)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/6608d108424fa5e68b0b297405eac296d5bfbc5d">6608d10</a> ci: test with node.js 15</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/6d97ec81a5fec75aa8525bae308e8e57d9846a6b">6d97ec8</a> chore(deps): bump set-getter from 0.1.0 to 0.1.1 (#1052)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/7c6853407d597212f7c384b467b5bbb5a46ce158">7c68534</a> 6.12.0</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/88d6f0187f6812b2deef092c8af32ac2f2bc1699">88d6f01</a> npm: upgrade docusaurus</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/91088320717fd48f4d82b86ac7f6c198fc18008d">9108832</a> Prioritize `withMessage` errors over the ones thrown by `CustomValidator` (#1049)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/f9da949926770f6ca35267973ee6d6823e9c199e">f9da949</a> chore(deps): bump ws from 7.4.0 to 7.4.6 (#1042)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/50601dcefa98d129721762831ae9acfe25b9d319">50601dc</a> chore: update `CONTRIBUTING.md` (#1043)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/3bc20464921d3a6751c0719affbba2e23a996062">3bc2046</a> feat: add `options` to `isAlphanumeric` (#1037)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/5062e33457ad98b544c7580243a3e54484ad3e4e">5062e33</a> chore: update `CONTRIBUTING.md` (#1038)</li>
<li><a href="https://snyk.io/redirect/github/express-validator/express-validator/commit/91a0859e155b304c073bd7ee1dcb34895bee5a0a">91a0859</a> chore(deps): bump hosted-git-info from 2.8.5 to 2.8.9 (#1036)</li>
</ul>

<a href="https://snyk.io/redirect/github/express-validator/express-validator/compare/6670d19a73af698cff9c691703292be5b41df540...690cd636df27cd5d32ad4f0e3f6ca783d86f873f">Compare</a>
</details>
</details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs


+54 -31

0 comment

2 changed files

pr created time in 11 minutes

PR opened Kamal1182/contactsManager

[Snyk] Upgrade mongodb from 3.6.6 to 3.7.0

<h3>Snyk has created this PR to upgrade mongodb from 3.6.6 to 3.7.0.</h3>

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 25 days ago, on 2021-08-31.

<details> <summary><b>Release notes</b></summary> <br/>
<details> <summary>Package name: <b>mongodb</b></summary>
<ul>
<li> <b>3.7.0</b> - <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases/tag/v3.7.0">2021-08-31</a><br/><p>The MongoDB Node.js team is pleased to announce version 3.7.0 of the mongodb package!</p>
<h2>Release Highlights</h2>
<h2>Versioned API</h2>
<p>Versioned API is a new feature in MongoDB 5.0 that allows user-selectable API versions, subsets of MongoDB server semantics, to be declared on a client. During communication with a server, clients with a declared API version will force the server to behave in a manner compatible with the API version. Declaring an API version on a client can be used to ensure consistent responses from a server, providing long term API stability for an application. The declared API version is applied to all commands run through the client, including those sent through the generic RunCommand helper. Specifying versioned API options in the command document AND declaring an API version on the client is not supported and will lead to undefined behavior.</p>
<h3>Declare an API version on a client</h3>
<div class="highlight highlight-source-js position-relative"><pre>// Declare API version "1" for the client
client = new MongoClient(uri, { serverApi: { version: '1' } });

cursor = client.db('database').collection('coll').find(...);</pre></div>
<h3>Strict mode</h3>
<p>Declaring a <code>strict</code> API version will cause the MongoDB server to reject all commands that are not part of the declared API version. This includes command options and aggregation pipeline stages. For example, the following <code>find</code> call would fail because the <code>tailable</code> option is not part of version 1:</p>
<div class="highlight highlight-source-js position-relative"><pre>// Declare API version "1" for the client, with strict on
client = new MongoClient(uri, { serverApi: { version: '1', strict: true } });

// Fails with an error
cursor = client.db('database').collection('coll').find({ ... }, { tailable: true });</pre></div>
<h3>Deprecation Errors</h3>
<p>The <code>deprecationErrors</code> option can be used to enable command failures when using functionality that is deprecated from version 1. Note that at the time of this writing, no deprecations in version 1 exist.</p>
<div class="highlight highlight-source-js position-relative"><pre>// Declare API version "1" for the client, with deprecationErrors on
client = new MongoClient(uri, { serverApi: { version: '1', deprecationErrors: true } });

// Note: since API version "1" is the initial version, there are no deprecated commands to provide as an example yet.</pre></div>
<h3>Features</h3>
<ul>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3191">NODE-3191</a>:</strong> backport versioned api (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2850">#2850</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/93a47fdbd92a27f0821cbcf59a951d581bfec9c0">93a47fd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3377">NODE-3377</a>:</strong> driver should allow arbitrary explain levels (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2961">#2961</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/96c8ab41e38eb5a4c012b4cd5df3ab8c59a5d9fe">96c8ab4</a>)</li>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3463">NODE-3463</a>:</strong> pass explain error through to callback (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2949">#2949</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/e5975af98615b2e0ef82b0031d4ec687d5a85109">e5975af</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Reference: <a href="https://docs.mongodb.com/drivers/node/current/">https://docs.mongodb.com/drivers/node/current/</a></li>
<li>API: <a href="https://mongodb.github.io/node-mongodb-native/3.7/api/">https://mongodb.github.io/node-mongodb-native/3.7/api/</a></li>
<li>Changelog: <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/blob/v3.7.0/HISTORY.md">https://github.com/mongodb/node-mongodb-native/blob/v3.7.0/HISTORY.md</a></li>
</ul>
<p>We invite you to try the mongodb library immediately, and report any issues to the <a href="https://jira.mongodb.org/projects/NODE">NODE project</a>.</p> </li>
<li> <b>3.6.12</b> - <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases/tag/v3.6.12">2021-08-30</a><br/><p>The MongoDB Node.js team is pleased to announce version 3.6.12 of the mongodb package!</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3487">NODE-3487</a>:</strong> check for nullish aws mechanism property (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2957">#2957</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/5902b4c13a977c659af94b1fbcbcfbe5e7ca4db4">5902b4c</a>)</li>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3528">NODE-3528</a>:</strong> add support for snappy v7 (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2947">#2947</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/54f5c2d682828bc751242cf4e90ea73f0342c842">54f5c2d</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Reference: <a href="https://docs.mongodb.com/drivers/node/current/">https://docs.mongodb.com/drivers/node/current/</a></li>
<li>API: <a href="https://mongodb.github.io/node-mongodb-native/3.6/api/">https://mongodb.github.io/node-mongodb-native/3.6/api/</a></li>
<li>Changelog: <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/blob/v3.6.12/HISTORY.md">https://github.com/mongodb/node-mongodb-native/blob/v3.6.12/HISTORY.md</a></li>
</ul>
<p>We invite you to try the mongodb library immediately, and report any issues to the <a href="https://jira.mongodb.org/projects/NODE">NODE project</a>.</p> </li>
<li> <b>3.6.11</b> - <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases/tag/v3.6.11">2021-08-05</a><br/><p>The MongoDB Node.js team is pleased to announce version 3.6.11 of the mongodb package!</p>
<h2>Release Highlights</h2>
<p>This patch addresses a few bugs listed below.<br> Notably, we fixed an issue with the way we imported one of our optional dependencies that blocked webpack bundling.</p>
<p>If you are a webpack user you will still get warnings for our optional dependencies (if you don't use them).<br> You can hush the warnings by adding <a href="https://webpack.js.org/configuration/externals/">this option</a> to your webpack config:</p>
<div class="highlight highlight-source-js position-relative"><pre>{
  // ...
  externals: [
    'mongodb-client-encryption',
    'aws4',
    'saslprep',
    'kerberos',
    'snappy',
    'bson-ext',
  ],
  // ...
}</pre></div>
<p>It is important to note that this will leave the imports in place and not pull in the code to your bundle. If you later do adopt using these dependencies you'll want to revert the relevant setting.</p>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-1843">NODE-1843</a>:</strong> bulk operations ignoring provided sessions (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2898">#2898</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/9244b1771e538f7b685fd6d4aa83d9da84b20093">9244b17</a>)</li>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3199">NODE-3199</a>:</strong> unable to bundle driver due to uncaught require (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2903">#2903</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/60efe9d0030477da462d326c2e2ddc5fe6c0ffff">60efe9d</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Reference: <a href="https://docs.mongodb.com/drivers/node/current/">https://docs.mongodb.com/drivers/node/current/</a></li>
<li>API: <a href="http://mongodb.github.io/node-mongodb-native/3.6/api">http://mongodb.github.io/node-mongodb-native/3.6/api</a></li>
<li>Changelog: <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/blob/3.6/HISTORY.md">https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md</a></li>
</ul>
<p>We invite you to try the mongodb package immediately, and report any issues to the <a href="https://jira.mongodb.org/projects/NODE">NODE project</a>.</p> </li>
<li> <b>3.6.10</b> - <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases/tag/v3.6.10">2021-07-06</a><br/><p>The MongoDB Node.js team is pleased to announce version 3.6.10 of the mongodb package!</p>
<h2>Release Highlights</h2>
<p>This patch addresses a few bugs listed below. Notably the <code>bsonRegExp</code> option is now respected by the underlying BSON library, you can use this to decode regular expressions that contain syntax not permitted in native JS RegExp objects. Take a look at this example:</p>
<div class="highlight highlight-source-js position-relative"><pre>await collection.insertOne({ a: new BSONRegExp('(?-i)AA_') })
await collection.findOne({ a: new BSONRegExp('(?-i)AA_') }, { bsonRegExp: true })
// { id: ObjectId, a: BSONRegExp { pattern: '(?-i)AA', options: '' } }</pre></div>
<p>Also there was an issue with <code>Cursor.forEach</code> where user defined forEach callbacks that throw errors incorrectly handled catching errors. Take a look at the comments in this example:</p>
<div class="highlight highlight-source-js position-relative"><pre>collection.find({}).forEach(doc => {
  if(doc.bad) throw new Error('bad document!');
}).catch(error => {
  // now this is called! and error is bad document!
})
// before this fix the bad document! error would be thrown synchronously
// and have to be caught with try catch out here</pre></div>
<h3>Bug Fixes</h3>
<ul>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-2035">NODE-2035</a>:</strong> Exceptions thrown from awaited cursor forEach do not propagate (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2852">#2852</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/a917dfada67859412344ed238796cf3bee243f5f">a917dfa</a>)</li>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3150">NODE-3150</a>:</strong> added bsonRegExp option for v3.6 (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2843">#2843</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/e4a9a572427666fd1a89576dadf50b9c452e1659">e4a9a57</a>)</li>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3358">NODE-3358</a>:</strong> Command monitoring objects hold internal state references (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2858">#2858</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/750760c324ddedb72491befde9f7aff1ceec009c">750760c</a>)</li>
<li><strong><a href="https://jira.mongodb.org/browse/NODE-3380">NODE-3380</a>:</strong> perform retryable write checks against server (<a 
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2861" data-hovercard-type="pull_request" data-hovercard-url="/mongodb/node-mongodb-native/pull/2861/hovercard">#2861</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/621677a42772e0b26aa13883f57d7e42f86df43f">621677a</a>)</li> <li><strong><a class="issue-link js-issue-link" rel="noopener noreferrer nofollow" href="https://jira.mongodb.org/browse/NODE-3397">NODE-3397</a>:</strong> report more helpful error with unsupported authMechanism in initial handshake (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/issues/2876" data-hovercard-type="pull_request" data-hovercard-url="/mongodb/node-mongodb-native/pull/2876/hovercard">#2876</a>) (<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/3ce148d8fb37faea1ee056f6e9331e5282e65cd0">3ce148d</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Reference: <a href="https://docs.mongodb.com/drivers/node/current/" rel="nofollow">https://docs.mongodb.com/drivers/node/current/</a></li> <li>API: <a href="http://mongodb.github.io/node-mongodb-native/3.6/api" rel="nofollow">http://mongodb.github.io/node-mongodb-native/3.6/api</a></li> <li>Changelog: <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/blob/3.6/HISTORY.md">https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md</a></li> </ul> <p>We invite you to try the mongodb package immediately, and report any issues to the <a href="https://jira.mongodb.org/projects/NODE" rel="nofollow">NODE project</a>.</p> </li> <li> <b>3.6.9</b> - 2021-05-26 </li> <li> <b>3.6.8</b> - 2021-05-21 </li> <li> <b>3.6.7</b> - 2021-05-18 </li> <li> <b>3.6.6</b> - 2021-04-06 </li> </ul> from <a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/releases">mongodb GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>mongodb</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/44df7d7ae648bcde98f93c72c7e5ba00b848ec71">44df7d7</a> chore(release): 3.7.0</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/1a7661885a5ec29a4d9418829439232e080ed983">1a76618</a> fix: versioned api low node compat fix (#2970)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/7602f68ffb2e8d2cbae39d02395161cd8a5489fb">7602f68</a> docs(NODE-3406): add versioned api examples (#2969)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/a07aa56b4f43acfb968a136723336b32152ca307">a07aa56</a> test(NODE-3409): support AWS temp credentials in CSFLE tests (#2968)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/eae0e05022d0667853eb3ab044f15e170d01d16e">eae0e05</a> chore(NODE-3303): deprecate md5 hash and isConnected (#2960)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/77ab63e7bfe7eab6de157a4673bc726bd45389cb">77ab63e</a> test(NODE-3387): correctly extract findOneX values in unified operations (#2966)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/96c8ab41e38eb5a4c012b4cd5df3ab8c59a5d9fe">96c8ab4</a> fix(NODE-3377): driver should allow arbitrary explain levels (#2961)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/4c25984ad247161c7344ce1db20da2ad15ee7a20">4c25984</a> chore: sync 3.6 changes to 3.7 (#2963)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/e5975af98615b2e0ef82b0031d4ec687d5a85109">e5975af</a> fix(NODE-3463): pass explain error through to callback (#2949)</li> <li><a 
href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/238a4b0e1adbf45f9e08b96ebb189bbde22f9182">238a4b0</a> fix(NODE-3290): versioned api validation and tests (#2869)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/91a2fc967c0d0d3d3176b31aa28da3f4d5b26919">91a2fc9</a> Merge remote-tracking branch 'origin/3.6' into 3.7</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/6ee945e7a51df925d4b6a4004c851995f832ce78">6ee945e</a> chore(NODE-3316): add author info and update bug url in package.json (#2887)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/ecc930b8c97ddcb5fe7d0447edd183b5110e9cd6">ecc930b</a> test(NODE-3381): command monitoring redaction tests (#2873)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/1297cd169f0f941f33974e7c889b61ba18a082b7">1297cd1</a> chore(release): 3.6.10</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/e9196ab0850169571627ffd2b013cbef8e3e9d9f">e9196ab</a> refactor(NODE-3324): bump max wire version to 13 (#2875)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/3ce148d8fb37faea1ee056f6e9331e5282e65cd0">3ce148d</a> fix(NODE-3397): report more helpful error with unsupported authMechanism in initial handshake (#2876)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/558182f614ae2f956f6e0e4e7ceb6d2f2287d866">558182f</a> test(NODE-3307): unified runner does not assert identical keys (#2867)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/621677a42772e0b26aa13883f57d7e42f86df43f">621677a</a> fix(NODE-3380): perform retryable write checks against server (#2861)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/e4a9a572427666fd1a89576dadf50b9c452e1659">e4a9a57</a> fix(NODE-3150): added bsonRegExp option for v3.6 
(#2843)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/750760c324ddedb72491befde9f7aff1ceec009c">750760c</a> fix(NODE-3358): Command monitoring objects hold internal state references (#2858)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/93a47fdbd92a27f0821cbcf59a951d581bfec9c0">93a47fd</a> feat(NODE-3191): backport versioned api (#2850)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/a917dfada67859412344ed238796cf3bee243f5f">a917dfa</a> fix(NODE-2035): Exceptions thrown from awaited cursor forEach do not propagate (#2852)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/b98f2061de9e8b0a814e3e7d39a0e914245953d0">b98f206</a> refactor(NODE-3356): Update command monitoring logging (#2853)</li> <li><a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/commit/33e82480a3d66f7d833b21a304c1e1cbd2a999d1">33e8248</a> test(NODE-3188): backport transaction pinning tests (#2839)</li> </ul>

<a href="https://snyk.io/redirect/github/mongodb/node-mongodb-native/compare/dfb03ad5f48ab1ebdb9cae7e93f4cc54ef9e744e...44df7d7ae648bcde98f93c72c7e5ba00b848ec71">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs


+56 -33

0 comment

2 changed files

pr created time in 11 minutes

PR opened Kamal1182/contactsManager

[Snyk] Upgrade: @angular/cdk, @angular/material

<h3>Snyk has created this PR to upgrade multiple dependencies.</h3> 👯 The following dependencies are linked and will therefore be updated together. </br></br> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. </br></br>

| Name | Versions | Released on |
| --- | --- | --- |
| @angular/cdk</br>from 12.0.0 to 12.2.4 | 20 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/material</br>from 12.0.0 to 12.2.4 | 20 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@angular/cdk</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/components/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 "pulp-porpoise" (2021-09-01)</h1> <h3>material</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/116766d13ecbf4f45da638945609412c470c2ead">fix - 116766d13e</a></td> <td><strong>tabs:</strong> tab header border reset when parent has a background color (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="979824440" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23450" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23450/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23450">#23450</a>)</td> </tr> </tbody> </table> <h3>cdk</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/7177d3390618dad3c6a7cf65054e7e4f869dce3d">fix - 7177d33906</a></td> <td><strong>testing:</strong> fix value stringification in harnesses (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975944593" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23421" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23421/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23421">#23421</a>)</td> </tr> </tbody> </table> <h2>Special Thanks</h2> <p>Kristiyan Kostadinov, Miles Malerba, Paul Gschwendtner and Rameshwor Shrestha</p> </li> <li> <b>12.2.3</b> - <a 
href="https://snyk.io/redirect/github/angular/components/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 "meteorite-mango" (2021-08-25)</h1> <h3>material/datepicker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/1244e25e92aa616fc84d86722aa1b81568831635">fix - 1244e25e9</a></td> <td>calendar reopening on spacebar selection (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="965149083" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23336" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23336/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23336">#23336</a>)</td> </tr> </tbody> </table> <h3>material/stepper</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/8103d9bc57f335fe5ff1c6c12ca4964fc27ccb15">fix - 8103d9bc5</a></td> <td>remove ripple and hover styling for disabled step (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="972131461" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23386" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23386/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23386">#23386</a>)</td> </tr> </tbody> </table> <h3>material-experimental/mdc-slider</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/e725863a43e0f8293b67739a2ad5b50b48aa630d">fix - e725863a4</a></td> <td>correct description of slider harness thumb getters (<a class="issue-link js-issue-link" data-error-text="Failed to load title" 
data-id="977517091" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23431" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23431/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23431">#23431</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Amy Sorto, Kristiyan Kostadinov, Michael-James, Paul Gschwendtner and Wagner Maciel</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-15 </li> <li> <b>12.1.1</b> - 2021-07-01 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-rc.0</b> - 2021-06-16 </li> <li> <b>12.1.0-next.1</b> - 2021-06-16 </li> <li> <b>12.1.0-next.0</b> - 2021-06-09 </li> <li> <b>12.0.6</b> - 2021-06-25 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-03 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/components/releases">@angular/cdk GitHub release notes</a> </details> <details> <summary>Package name: <b>@angular/material</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/components/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 "pulp-porpoise" (2021-09-01)</h1> <h3>material</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/116766d13ecbf4f45da638945609412c470c2ead">fix - 116766d13e</a></td> <td><strong>tabs:</strong> tab header border reset when parent has a background color (<a class="issue-link js-issue-link" data-error-text="Failed 
to load title" data-id="979824440" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23450" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23450/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23450">#23450</a>)</td> </tr> </tbody> </table> <h3>cdk</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/7177d3390618dad3c6a7cf65054e7e4f869dce3d">fix - 7177d33906</a></td> <td><strong>testing:</strong> fix value stringification in harnesses (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975944593" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23421" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23421/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23421">#23421</a>)</td> </tr> </tbody> </table> <h2>Special Thanks</h2> <p>Kristiyan Kostadinov, Miles Malerba, Paul Gschwendtner and Rameshwor Shrestha</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/components/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 "meteorite-mango" (2021-08-25)</h1> <h3>material/datepicker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/1244e25e92aa616fc84d86722aa1b81568831635">fix - 1244e25e9</a></td> <td>calendar reopening on spacebar selection (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="965149083" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23336" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23336/hovercard" 
href="https://snyk.io/redirect/github/angular/components/pull/23336">#23336</a>)</td> </tr> </tbody> </table> <h3>material/stepper</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/8103d9bc57f335fe5ff1c6c12ca4964fc27ccb15">fix - 8103d9bc5</a></td> <td>remove ripple and hover styling for disabled step (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="972131461" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23386" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23386/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23386">#23386</a>)</td> </tr> </tbody> </table> <h3>material-experimental/mdc-slider</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/components/commit/e725863a43e0f8293b67739a2ad5b50b48aa630d">fix - e725863a4</a></td> <td>correct description of slider harness thumb getters (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="977517091" data-permission-text="Title is private" data-url="https://github.com/angular/components/issues/23431" data-hovercard-type="pull_request" data-hovercard-url="/angular/components/pull/23431/hovercard" href="https://snyk.io/redirect/github/angular/components/pull/23431">#23431</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Amy Sorto, Kristiyan Kostadinov, Michael-James, Paul Gschwendtner and Wagner Maciel</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-15 </li> <li> <b>12.1.1</b> - 2021-07-01 </li> <li> <b>12.1.0</b> - 
2021-06-24 </li> <li> <b>12.1.0-rc.0</b> - 2021-06-16 </li> <li> <b>12.1.0-next.1</b> - 2021-06-16 </li> <li> <b>12.1.0-next.0</b> - 2021-06-09 </li> <li> <b>12.0.6</b> - 2021-06-25 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-03 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/components/releases">@angular/material GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs


+2 -2

0 comment

1 changed file

pr created time in 11 minutes

PR opened Kamal1182/contactsManager

[Snyk] Upgrade: @angular/animations, @angular/common, @angular/compiler, @angular/core, @angular/forms, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/router

<h3>Snyk has created this PR to upgrade multiple dependencies.</h3> 👯‍♂ The following dependencies are linked and will therefore be updated together. </br></br> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. </br></br>

| Name | Versions | Released on |
| --- | --- | --- |
| @angular/animations</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/common</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/compiler</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/core</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/forms</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/platform-browser</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/platform-browser-dynamic</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |
| @angular/router</br>from 12.0.0 to 12.2.4 | 27 versions ahead of your current version | 24 days ago</br>on 2021-09-01 |

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@angular/animations</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 (2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" 
href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 </li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-17 </li> <li> <b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> <b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/animations GitHub release notes</a> </details> <details> <summary>Package name: <b>@angular/common</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a 
class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 (2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 
</li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-17 </li> <li> <b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> <b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/common GitHub release notes</a> </details> <details> <summary>Package name: <b>@angular/compiler</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 
(2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 </li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-17 </li> <li> <b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> <b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/compiler GitHub release notes</a> 
</details> <details> <summary>Package name: <b>@angular/core</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 (2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special 
Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 </li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-16 </li> <li> <b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> <b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/core GitHub release notes</a> </details> <details> <summary>Package name: <b>@angular/forms</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" 
data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 (2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 </li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-16 </li> <li> 
<b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> <b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/forms GitHub release notes</a> </details> <details> <summary>Package name: <b>@angular/platform-browser</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 (2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a 
href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 </li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-16 </li> <li> <b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> <b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/platform-browser GitHub release notes</a> </details> <details> <summary>Package name: <b>@angular/platform-browser-dynamic</b></summary> <ul> <li> <b>12.2.4</b> - <a 
href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 (2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> 
<b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 </li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-16 </li> <li> <b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> <b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/platform-browser-dynamic GitHub release notes</a> </details> <details> <summary>Package name: <b>@angular/router</b></summary> <ul> <li> <b>12.2.4</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.4">2021-09-01</a></br><p><a name="user-content-12.2.4"></a></p> <h1>12.2.4 (2021-09-01)</h1> <h3>compiler-cli</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/8233906be25e19da6d8115094616d3e4b5e36fea">fix - 8233906be2</a></td> <td>Emit type annotations for synthesized decorator fields (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="958516839" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43021" data-hovercard-type="pull_request" 
data-hovercard-url="/angular/angular/pull/43021/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43021">#43021</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Andrew Scott, Daniel Trevino, George Kalpakas, Joey Perrott, Kristiyan Kostadinov, nickreid and segunb</p> </li> <li> <b>12.2.3</b> - <a href="https://snyk.io/redirect/github/angular/angular/releases/tag/12.2.3">2021-08-25</a></br><p><a name="user-content-12.2.3"></a></p> <h1>12.2.3 (2021-08-25)</h1> <h3>service-worker</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="https://snyk.io/redirect/github/angular/angular/commit/fc7f92159df16e894d9909cfc8969ed4b7d9924a">fix - fc7f92159d</a></td> <td>NPE if onActionClick is undefined (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="975563497" data-permission-text="Title is private" data-url="https://github.com/angular/angular/issues/43210" data-hovercard-type="pull_request" data-hovercard-url="/angular/angular/pull/43210/hovercard" href="https://snyk.io/redirect/github/angular/angular/pull/43210">#43210</a>)</td> </tr> </tbody> </table> <h2>Special Thanks:</h2> <p>Daniel Trevino, Erik Slack, George Kalpakas, dario-piotrowicz and shlasouski</p> </li> <li> <b>12.2.2</b> - 2021-08-18 </li> <li> <b>12.2.1</b> - 2021-08-11 </li> <li> <b>12.2.0</b> - 2021-08-04 </li> <li> <b>12.2.0-rc.0</b> - 2021-07-28 </li> <li> <b>12.2.0-next.3</b> - 2021-07-21 </li> <li> <b>12.2.0-next.2</b> - 2021-07-14 </li> <li> <b>12.2.0-next.1</b> - 2021-06-30 </li> <li> <b>12.2.0-next.0</b> - 2021-06-24 </li> <li> <b>12.1.5</b> - 2021-08-04 </li> <li> <b>12.1.4</b> - 2021-07-28 </li> <li> <b>12.1.3</b> - 2021-07-21 </li> <li> <b>12.1.2</b> - 2021-07-14 </li> <li> <b>12.1.1</b> - 2021-06-30 </li> <li> <b>12.1.0</b> - 2021-06-24 </li> <li> <b>12.1.0-next.6</b> - 2021-06-16 </li> <li> <b>12.1.0-next.5</b> - 2021-06-09 </li> <li> <b>12.1.0-next.4</b> - 2021-06-02 </li> <li> 
<b>12.1.0-next.3</b> - 2021-05-26 </li> <li> <b>12.1.0-next.2</b> - 2021-05-19 </li> <li> <b>12.1.0-next.1</b> - 2021-05-05 </li> <li> <b>12.0.5</b> - 2021-06-16 </li> <li> <b>12.0.4</b> - 2021-06-09 </li> <li> <b>12.0.3</b> - 2021-06-02 </li> <li> <b>12.0.2</b> - 2021-05-26 </li> <li> <b>12.0.1</b> - 2021-05-19 </li> <li> <b>12.0.0</b> - 2021-05-12 </li> </ul> from <a href="https://snyk.io/redirect/github/angular/angular/releases">@angular/router GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+8 -8

0 comment

1 changed file

pr created time in 11 minutes

PR opened Umair-Nazim/JulietNew

[Snyk] Upgrade commons-codec:commons-codec from 1.10 to 1.15

Snyk has created this PR to upgrade commons-codec:commons-codec from 1.10 to 1.15.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-08-28.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| low severity | Information Exposure SNYK-JAVA-COMMONSCODEC-561518 | 399/1000 Why? Has a fix available, CVSS 3.7 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+1 -1

0 comment

1 changed file

pr created time in 11 minutes

PR opened krishnamanchikalapudi/examples.java

[Snyk] Upgrade org.glassfish.jersey.media:jersey-media-json-binding from 2.34 to 2.35

Snyk has created this PR to upgrade org.glassfish.jersey.media:jersey-media-json-binding from 2.34 to 2.35.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 23 days ago, on 2021-09-03.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+1 -1

0 comment

1 changed file

pr created time in 12 minutes

PR opened Lohn/slim-swoole-skeleton

[Snyk] Security upgrade php from 7.4.2-cli to 7-cli

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • docker/swoole/Dockerfile-unixsocket

We recommend upgrading to php:7-cli, as this image has only 71 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
|---|---|---|---|
| critical severity | 714 | Double Free SNYK-DEBIAN10-CURL-466509 | No Known Exploit |
| critical severity | 714 | Buffer Overflow SNYK-DEBIAN10-CURL-466510 | No Known Exploit |
| high severity | 614 | Use After Free SNYK-DEBIAN10-CURL-608200 | No Known Exploit |
| high severity | 614 | Information Exposure SNYK-DEBIAN10-LIBGCRYPT20-1297893 | No Known Exploit |
| critical severity | 714 | Buffer Overflow SNYK-DEBIAN10-OPENSSL-1569403 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 13 minutes

PR opened ClaytonOSouza/wordpress

[Snyk] Security upgrade php from 7.2-alpine to 7.3.11-alpine

Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • php7.2/cli/Dockerfile

We recommend upgrading to php:7.3.11-alpine, as this image has only 28 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
|---|---|---|---|
| critical severity | 500 | Out-of-bounds Read SNYK-ALPINE312-APKTOOLS-1533753 | No Known Exploit |
| high severity | 400 | Out-of-bounds Read SNYK-ALPINE312-OPENSSL-1569450 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE312-OPENSSL-1569452 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE312-OPENSSL-1569452 | No Known Exploit |
| critical severity | 500 | Buffer Overflow SNYK-ALPINE312-OPENSSL-1569452 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 16 minutes

PR opened hackistic/hackisticjs

[Snyk] Upgrade: gatsby, gatsby-plugin-google-analytics, gatsby-plugin-manifest, gatsby-plugin-netlify

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| gatsby from 2.17.15 to 2.32.13 | 646 versions ahead of your current version | 5 months ago on 2021-05-04 |
| gatsby-plugin-google-analytics from 2.1.27 to 2.11.0 | 56 versions ahead of your current version | 8 months ago on 2021-02-02 |
| gatsby-plugin-manifest from 2.2.28 to 2.12.1 | 105 versions ahead of your current version | 7 months ago on 2021-02-24 |
| gatsby-plugin-netlify from 2.1.25 to 2.11.1 | 61 versions ahead of your current version | 6 months ago on 2021-03-18 |

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| high severity | Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| high severity | Prototype Pollution SNYK-JS-NODEFORGE-598677 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| high severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| medium severity | Denial of Service (DoS) npm:mem:20180117 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| medium severity | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| medium severity | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| medium severity | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| medium severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| medium severity | Denial of Service (DoS) SNYK-JS-SOCKJS-575261 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| medium severity | Insecure Defaults SNYK-JS-SOCKETIO-1024859 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Denial of Service<br/> SNYK-JS-NODEFETCH-674311 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Denial of Service<br/> SNYK-JS-NODEFETCH-674311 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Denial of Service<br/> SNYK-JS-NODEFETCH-674311 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Cross-site Scripting (XSS)<br/> SNYK-JS-GRAPHQLPLAYGROUNDHTML-571775 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Mature
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Prototype Pollution<br/> SNYK-JS-FLAT-596927 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Server-Side Request Forgery (SSRF)<br/> SNYK-JS-AXIOS-1038255 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+5216 -2203

0 comment

2 changed files

pr created time in 17 minutes

PR opened yukou-isshiki/covid19

[Snyk] Security upgrade node from 10.19-alpine to 10.23.3-alpine

Keeping your Docker base image up-to-date means you'll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • Dockerfile

We recommend upgrading to node:10.23.3-alpine, as this image has only 10 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| critical severity | 500 | Out-of-bounds Read <br/>SNYK-ALPINE311-APKTOOLS-1534687 | No Known Exploit |
| high severity | 400 | Out-of-bounds Read <br/>SNYK-ALPINE311-OPENSSL-1569447 | No Known Exploit |
| critical severity | 500 | Buffer Overflow <br/>SNYK-ALPINE311-OPENSSL-1569451 | No Known Exploit |
| critical severity | 500 | Buffer Overflow <br/>SNYK-ALPINE311-OPENSSL-1569451 | No Known Exploit |
| high severity | 400 | NULL Pointer Dereference <br/>SNYK-ALPINE311-OPENSSL-587980 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 17 minutes

PR opened mitsuhiro-kajitani/PrestaShop

[Snyk] Security upgrade php from 7.1-fpm-alpine to 7.3.31-fpm-alpine

Keeping your Docker base image up-to-date means you'll benefit from security fixes in the latest version of your chosen image.

Changes included in this PR

  • docs/docker/nginx_fpm/prestashop-fpm/Dockerfile

We recommend upgrading to php:7.3.31-fpm-alpine, as this image has only 3 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Some of the most important vulnerabilities in your base image include:

| Severity | Priority Score / 1000 | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| critical severity | 500 | Out-of-bounds Read <br/>SNYK-ALPINE310-APKTOOLS-1534688 | No Known Exploit |
| high severity | 400 | Improper Certificate Validation <br/>SNYK-ALPINE310-OPENSSL-1089244 | No Known Exploit |
| high severity | 400 | NULL Pointer Dereference <br/>SNYK-ALPINE310-OPENSSL-587954 | No Known Exploit |
| high severity | 400 | CVE-2019-19244 <br/>SNYK-ALPINE310-SQLITE-1019961 | No Known Exploit |
| high severity | 400 | Improper Initialization <br/>SNYK-ALPINE310-SQLITE-587307 | No Known Exploit |

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

+1 -1

0 comment

1 changed file

pr created time in 18 minutes

PR opened rsolomonjr/The-Road-To-Learn-React

[Snyk] Security upgrade react-scripts from 2.1.1 to 3.0.0

<h3>Snyk has created this PR to fix one or more vulnerable packages in the npm dependencies of this project.</h3>

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • hackernews-renewed/package.json
    • hackernews-renewed/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| low severity | 506/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) <br/>npm:braces:20180219 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+8347 -10760

0 comment

2 changed files

pr created time in 19 minutes

PR opened Autoadmin-org/autoadmin-agent

[Snyk] Upgrade ssh2 from 1.3.0 to 1.4.0

<h3>Snyk has created this PR to upgrade ssh2 from 1.3.0 to 1.4.0.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 21 days ago, on 2021-09-04.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


+5 -5

0 comment

2 changed files

pr created time in 19 minutes