Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , express, express-validator, mongoose, nodemon, stripe, uuid #11

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Sandani2000
Copy link
Collaborator

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@react-pdf/renderer
from 3.1.13 to 3.4.4 | 20 versions ahead of your current version | 5 months ago
on 2024-04-25
@stripe/react-stripe-js
from 2.3.1 to 2.8.0 | 12 versions ahead of your current version | a month ago
on 2024-08-14
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
express-validator
from 7.0.1 to 7.2.0 | 2 versions ahead of your current version | a month ago
on 2024-08-11
mongoose
from 7.4.2 to 7.8.1 | 25 versions ahead of your current version | a month ago
on 2024-08-19
nodemon
from 3.0.1 to 3.1.4 | 7 versions ahead of your current version | 3 months ago
on 2024-06-20
stripe
from 13.10.0 to 13.11.0 | 2 versions ahead of your current version | a year ago
on 2023-10-16
uuid
from 9.0.0 to 9.0.1 | 1 version ahead of your current version | a year ago
on 2023-09-12

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Use of Weak Hash
SNYK-JS-CRYPTOJS-6028119
574 No Known Exploit
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
574 Proof of Concept
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509
574 No Known Exploit
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
574 Proof of Concept
critical severity Malicious Package
SNYK-JS-LEGACYSWCHELPERS-7647380
574 Mature
medium severity Information Exposure
SNYK-JS-MONGODB-5871303
574 No Known Exploit
Release notes
Package name: @react-pdf/renderer from @react-pdf/renderer GitHub release notes
Package name: @stripe/react-stripe-js
  • 2.8.0 - 2024-08-14

    New features

    • Update EmbeddedCheckoutProvider prop types (#525)

    Fixes

    Changed

  • 2.7.3 - 2024-07-02

    Fixes

    • Bump ws from 7.4.6 to 7.5.10 (#508)
  • 2.7.2 - 2024-06-27
    • chore(deps): update @ stripe/stripe-js to support v4 (#513)
    • v2.7.1

    New features

    Fixes

    Changed

  • 2.7.1 - 2024-05-06

    Fixes

    • Run @ arethetypeswrong/cli in CI + before publish (#493)
    • Bump tar from 6.1.11 to 6.2.1 (#490)
  • 2.7.0 - 2024-04-08

    New features

    • Add onLoadError to card and cardNumber elements (#488)

    Fixes

    • Remove cart Element (#487)

    Changed

    • Bump express from 4.17.1 to 4.19.2 (#486)
    • Update @ stripe/stripe-js dev dependency (#489)
  • 2.6.2 - 2024-03-14

    Fixes

    • Fix dependency (#484)
  • 2.6.1 - 2024-03-14

    Changed

    • Bump es5-ext from 0.10.53 to 0.10.63 (#475)
    • @ stripe/stripe-js 3.0.9 (#483)
  • 2.6.0 - 2024-03-11

    New features

    • Update stripe-js for Custom Checkout types (#479)
    • upgrade rollup (#480)
    • Add support for fetchClientSecret param to Embedded Checkout (#481)

    Fixes

    Changed

  • 2.5.1 - 2024-02-26

    New features

    Fixes

    • Remove cyclic dependency (#474)

    • Bump ip from 1.1.5 to 1.1.9 (#473)

    Changed

  • 2.5.0 - 2024-02-12

    Changed

    • update peer dependency (#471)
  • 2.4.0 - 2023-11-21
  • 2.3.2 - 2023-11-13
  • 2.3.1 - 2023-10-02
from @stripe/react-stripe-js GitHub release notes
Package name: express from express GitHub release notes
Package name: express-validator from express-validator GitHub release notes
Package name: mongoose
  • 7.8.1 - 2024-08-19

    chore: release 7.8.1

  • 7.8.0 - 2024-07-23
  • 7.7.0 - 2024-06-18
  • 7.6.13 - 2024-06-05
  • 7.6.12 - 2024-05-21
  • 7.6.11 - 2024-04-11
  • 7.6.10 - 2024-03-13
  • 7.6.9 - 2024-02-26
  • 7.6.8 - 2024-01-08
  • 7.6.7 - 2023-12-06
  • 7.6.6 - 2023-11-27
  • 7.6.5 - 2023-11-14
  • 7.6.4 - 2023-10-30
  • 7.6.3 - 2023-10-17
  • 7.6.2 - 2023-10-13
  • 7.6.1 - 2023-10-09
  • 7.6.0 - 2023-10-06
  • 7.5.4 - 2023-10-04
  • 7.5.3 - 2023-09-25
  • 7.5.2 - 2023-09-15
  • 7.5.1 - 2023-09-11
  • 7.5.0 - 2023-08-29
  • 7.4.5 - 2023-08-25
  • 7.4.4 - 2023-08-22
  • 7.4.3 - 2023-08-11
  • 7.4.2 - 2023-08-03
from mongoose GitHub release notes
Package name: nodemon from nodemon GitHub release notes
Package name: stripe
  • 13.11.0 - 2023-10-16
    • #1924 Update generated code
      • Add support for new values issuing_token.created and issuing_token.updated on enum Event.type
      • Add support for new values issuing_token.created and issuing_token.updated on enums WebhookEndpointCreateParams.enabled_events[] and WebhookEndpointUpdateParams.enabled_events[]
    • #1926 Add named unions for all polymorphic types
    • #1921 Add event types

    See the changelog for more details.

  • 13.11.0-beta.1 - 2023-10-11
    • #1919 Update generated code for beta
      • Add support for new resources AccountNotice and Issuing.CreditUnderwritingRecord
      • Add support for list, retrieve, and update methods on resource AccountNotice
      • Add support for correct, create_from_application, create_from_proactive_review, list, report_decision, and retrieve methods on resource CreditUnderwritingRecord
      • Change type of Checkout.Session.automatic_tax.liability.account, Checkout.Session.invoice_creation.invoice_data.issuer.account, Invoice.automatic_tax.liability.account, Invoice.issuer.account, Quote.automatic_tax.liability.account, Quote.invoice_settings.issuer.account, Subscription.automatic_tax.liability.account, SubscriptionSchedule.default_settings.automatic_tax.liability.account, SubscriptionSchedule.default_settings.invoice_settings.issuer.account, SubscriptionSchedule.phases[].automatic_tax.liability.account, and SubscriptionSchedule.phases[].invoice_settings.issuer.account from expandable(Account) | null to expandable(Account)
      • Change Checkout.Session.automatic_tax.liability.account, Checkout.Session.invoice_creation.invoice_data.issuer.account, Invoice.automatic_tax.liability.account, Invoice.issuer.account, Issuing.Transaction.network_data.processing_date, Quote.automatic_tax.liability.account, Quote.invoice_settings.issuer.account, Subscription.automatic_tax.liability.account, SubscriptionSchedule.default_settings.automatic_tax.liability.account, SubscriptionSchedule.default_settings.invoice_settings.issuer.account, SubscriptionSchedule.phases[].automatic_tax.liability.account, and SubscriptionSchedule.phases[].invoice_settings.issuer.account to be optional
      • Add support for new values account_notice.created and account_notice.updated on enum Event.type
      • Add support for new values local_amusement_tax and state_communications_tax on enums Tax.Registration.country_options.us.type and Tax.RegistrationCreateParams.country_options.us.type
      • Add support for new values account_notice.created and account_notice.updated on enums WebhookEndpointCreateParams.enabled_events[] and WebhookEndpointUpdateParams.enabled_events[]

    See the changelog for more details.

  • 13.10.0 - 2023-10-11
    • #1920 Update generated code
      • Add support for redirect_on_completion, return_url, and ui_mode on Checkout.SessionCreateParams and Checkout.Session
      • Change Checkout.Session.custom_fields[].dropdown, Checkout.Session.custom_fields[].numeric, Checkout.Session.custom_fields[].text, Checkout.SessionCreateParams.success_url, PaymentLink.custom_fields[].dropdown, PaymentLink.custom_fields[].numeric, and PaymentLink.custom_fields[].text to be optional
      • Add support for client_secret on Checkout.Session
      • Change type of Checkout.Session.custom_fields[].dropdown from PaymentPagesCheckoutSessionCustomFieldsDropdown | null to PaymentPagesCheckoutSessionCustomFieldsDropdown
      • Change type of Checkout.Session.custom_fields[].numeric and Checkout.Session.custom_fields[].text from PaymentPagesCheckoutSessionCustomFieldsNumeric | null to PaymentPagesCheckoutSessionCustomFieldsNumeric
      • Add support for postal_code on Issuing.Authorization.verification_data
      • Change type of PaymentLink.custom_fields[].dropdown from PaymentLinksResourceCustomFieldsDropdown | null to PaymentLinksResourceCustomFieldsDropdown
      • Change type of PaymentLink.custom_fields[].numeric and PaymentLink.custom_fields[].text from PaymentLinksResourceCustomFieldsNumeric | null to PaymentLinksResourceCustomFieldsNumeric
      • Add support for offline on Terminal.ConfigurationCreateParams, Terminal.ConfigurationUpdateParams, and Terminal.Configuration
    • #1914 Bump get-func-name from 2.0.0 to 2.0.2

    See the changelog for more details.

from stripe GitHub release notes
Package name: uuid from uuid GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @react-pdf/renderer from 3.1.13 to 3.4.4.
    See this package in npm: https://www.npmjs.com/package/@react-pdf/renderer
  - @stripe/react-stripe-js from 2.3.1 to 2.8.0.
    See this package in npm: https://www.npmjs.com/package/@stripe/react-stripe-js
  - express from 4.18.2 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - express-validator from 7.0.1 to 7.2.0.
    See this package in npm: https://www.npmjs.com/package/express-validator
  - mongoose from 7.4.2 to 7.8.1.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - nodemon from 3.0.1 to 3.1.4.
    See this package in npm: https://www.npmjs.com/package/nodemon
  - stripe from 13.10.0 to 13.11.0.
    See this package in npm: https://www.npmjs.com/package/stripe
  - uuid from 9.0.0 to 9.0.1.
    See this package in npm: https://www.npmjs.com/package/uuid

See this project in Snyk:
https://app.snyk.io/org/sandani2000/project/8b38c99b-bb1b-417b-91db-d3b37cc756ef?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants