Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: protobufjs, , , , bson, capture-console, chai, date-fns, serialize-closures, ts-closure-transform #131

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

MrRaja23
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

protobufjs
from 7.2.4 to 7.4.0 | 7 versions ahead of your current version | 23 days ago
on 2024-08-22
@grpc/grpc-js
from 1.8.8 to 1.11.1 | 44 versions ahead of your current version | 2 months ago
on 2024-07-16
@protobuf-ts/grpc-transport
from 2.1.0 to 2.9.4 | 22 versions ahead of your current version | 6 months ago
on 2024-03-13
@protobuf-ts/plugin
from 2.1.0 to 2.9.4 | 22 versions ahead of your current version | 6 months ago
on 2024-03-13
bson
from 4.6.0 to 4.7.2 | 8 versions ahead of your current version | 2 years ago
on 2023-01-10
capture-console
from 1.0.1 to 1.0.2 | 1 version ahead of your current version | 10 months ago
on 2023-11-14
chai
from 4.3.4 to 4.5.0 | 9 versions ahead of your current version | 2 months ago
on 2024-07-25
date-fns
from 2.28.0 to 2.30.0 | 5 versions ahead of your current version | a year ago
on 2023-04-30
serialize-closures
from 0.2.7 to 0.3.0 | 3 versions ahead of your current version | 8 months ago
on 2024-01-03
ts-closure-transform
from 0.1.7 to 0.2.0 | 2 versions ahead of your current version | 8 months ago
on 2024-01-03

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GETFUNCNAME-5923417
751 Proof of Concept
Release notes
Package name: protobufjs from protobufjs GitHub release notes
Package name: @grpc/grpc-js
  • 1.11.1 - 2024-07-16
    • Fixed an issue where building from source would sometimes fail (#304)
    • Added NodeJS 10 pre-built binaries (#302)
    • Added Electron 2 pre-built binaries (#291)
    • Added TypeScript type definitions for APIs added in v1.11.x (#306)
  • 1.11.0 - 2024-07-15

    @ grpc/proto-loader v0.1.0

    This is a new library for loading .proto files for use with gRPC using the latest version of Protobuf.js. The output of this package is intended to be loaded using the new loadPackageDefinition function in the grpc library.

    @ grpc/grpc-js v0.1.0

    This is the first alpha release of the new pure JavaScript implementation of gRPC. It implements the same API as the existing grpc library. Currently only the client is implemented, with the following functionality:

    • loadPackageDefinition
    • Unary and streaming calls
    • Cancellation
    • Deadlines
    • Metadata
    • Basic automatic reconnection logic
    • Channel and call credentials

    grpc v1.11.0

    Node changes:

    • Add client interceptors API (#59 contributed by @ drobertduke)
    • Add loadPackageDefintion function (#196)
    • Publish ARM64 binaries (#200)
    • Improve function type test in a client method (#204 contributed by @ arcana261)
    • Add details to UNIMPLEMENTED response status (#207 contributed by @ theogravity)
    • Add error handling for missing files when calling grpc.load (#228 contributed by @ cblair)
    • Fix error message in grpc.loadObject when failing to detect Protobuf.js version (#253 contributed by @ kellycampbell)
    • Remove -zdefs flag from binding.gyp to enable building on FreeBSD (#266)
  • 1.10.11 - 2024-07-10
  • 1.10.10 - 2024-06-24
  • 1.10.9 - 2024-06-10
  • 1.10.8 - 2024-05-15
  • 1.10.7 - 2024-05-01
  • 1.10.6 - 2024-04-03
  • 1.10.5 - 2024-04-01
  • 1.10.4 - 2024-03-26
  • 1.10.3 - 2024-03-15
  • 1.10.2 - 2024-03-11
  • 1.10.1 - 2024-02-15

    Node changes:

    • Update dependency on node-pre-gyp to version 0.7.0 (#245)

    C core changes:

  • 1.10.0 - 2024-02-06

    C Core Changes

  • 1.9.15 - 2024-06-10
  • 1.9.14 - 2024-01-16
  • 1.9.13 - 2023-12-12
  • 1.9.12 - 2023-11-27
  • 1.9.11 - 2023-11-16
  • 1.9.10 - 2023-11-14
  • 1.9.9 - 2023-10-30
  • 1.9.8 - 2023-10-27
  • 1.9.7 - 2023-10-19
  • 1.9.6 - 2023-10-17
  • 1.9.5 - 2023-10-02
  • 1.9.4 - 2023-09-26
  • 1.9.3 - 2023-09-13
  • 1.9.2 - 2023-08-31
  • 1.9.1 - 2023-08-22
    • Fix usage of Protobuf.js Message type in TypeScript type definitions file (#177)
    • Fix handling of undefined values for optional call arguments (#179)
  • 1.9.0 - 2023-08-01
    • Further improve the error output when failing to load an installed precompiled binary (#175)
    • Fix type definition documentation for KeyCertPair (#171)
    • Fix server segfault on invalid HTTP/2 (grpc/grpc#14199)
    • LB policies request re-resolution without shutting down (grpc/grpc#12829)
    • On server, include receiving HTTP/2 settings in handshake timeout (grpc/grpc#13336)
    • Fix max connection idleness crash (grpc/grpc#14122)
    • Report metadata plugin auth errors with an UNAVAILABLE status instead of UNAUTHENTICATED (grpc/grpc#13363).
  • 1.8.22 - 2024-06-10
  • 1.8.21 - 2023-07-28
  • 1.8.20 - 2023-07-25
  • 1.8.19 - 2023-07-24
  • 1.8.18 - 2023-07-13
  • 1.8.17 - 2023-06-27
  • 1.8.16 - 2023-06-20
  • 1.8.15 - 2023-06-05
  • 1.8.14 - 2023-04-12
  • 1.8.13 - 2023-03-23
  • 1.8.12 - 2023-03-07
  • 1.8.11 - 2023-02-24
  • 1.8.10 - 2023-02-22
  • 1.8.9 - 2023-02-15
  • 1.8.8 - 2023-02-08
from @grpc/grpc-js GitHub release notes
Package name: @protobuf-ts/grpc-transport
  • 2.9.4 - 2024-03-13

    What's Changed

    • Extend Object prototype for message instances by @ erichiggins0 in #618
    • Fix formatting typo by @ dimo414 in #630
    • Update go version for twirp compat tests by @ timostamm in #636

    New Contributors

    • @ erichiggins0 made their first contribution in #618

    Full Changelog: v2.9.3...v2.9.4

  • 2.9.3 - 2023-12-07

    What's Changed

    • Fix messagePrototype for exactOptionalProperties: true by @ jcready in #615

    Full Changelog: v2.9.2...v2.9.3

  • 2.9.2 - 2023-12-05

    What's Changed

    New Contributors

    Full Changelog: v2.9.1...v2.9.2

  • 2.9.1 - 2023-07-31

    What's Changed

    • Make protobuf-ts as conformant as protobuf-es by @ jcready in #567
    • Make FieldMask JSON read/write (snake_case <-> camelCase) conforming by @ jcready in #552
    • Test pb-long without BI support and fix found issues by @ jcready in #573

    Repository and documentation cleanup 🧹

    New Contributors

    Full Changelog: v2.9.0...v2.9.1

  • 2.9.0 - 2023-04-24

    What's Changed

    • feat: update arch for fetching binary by @ daboxu in #517
    • Use conformance runner binary for conformance tests by @ smaye81 in #520

    New Contributors

    Full Changelog: v2.8.3...v2.9.0

  • 2.8.3 - 2023-03-20

    Bug fixes:

    • plugin: fix generated fromJson for google.protobuf.Value #500
      Thanks to @ hugebdu for the contribution!
  • 2.8.2 - 2022-11-16

    Bug fixes:

    • Avoid overwriting a set oneof field in target with an unset oneof field in source #395
      Thanks to @ jcready for the contribution!

    This release is available on the BSR.

  • 2.8.1 - 2022-09-07

    Bug fixes:

    This release is available on the BSR.

  • 2.8.0 - 2022-08-17

    Bug fixes:

    • grpcweb-transport: fix handling responses with empty body and status in headers #331
      Thanks to @ eKazim for the contribution!

    • Make repeated field merging consistent #335
      Thanks to @ jcready for the contribution!

    New features and improvements:

    • Relax constraints on runtime-angular to include Angular 14 #358
      Thanks to @ ColinLaws for the contribution!

    • Clarify mergePartial() behavior in the documentation #361

    • Do not strip byte-order mark when decoding text from binary #362
      Thanks to @ kivancguckiran and @ jcready for the investigation!

    This release is available on the BSR.

  • 2.7.0 - 2022-06-16

    New Features:

    • Added force_disable_services option to protobuf-ts/plugin for disabling service metadata generation, see #268
      Thanks to @ ColinLaws for the contribution!

    Bug fixes:

    • Guard access of response.type to support Cloudflare Workers, see #321
      Thanks to @ mikeylemmon for the fix!

    • find protoc in path also in windows, see #334
      Thanks to @ tannera for the fix!

    • Update baseURL in example, see #333
      Thanks to @ GRB3NW for the fix!

    This release is available on the BSR.

  • 2.6.0 - 2022-05-16
  • 2.5.0 - 2022-04-23
  • 2.4.0 - 2022-03-25
  • 2.3.0 - 2022-03-21
  • 2.2.4 - 2022-03-18
  • 2.2.3 - 2022-03-15
  • 2.2.3-alpha.1 - 2022-03-15
  • 2.2.2 - 2022-01-24
  • 2.2.2-2.2.2-alpha.0.0 - 2022-01-24
  • 2.2.1 - 2022-01-11
  • 2.2.0 - 2022-01-11
  • 2.2.0-alpha.0 - 2022-01-04
  • 2.1.0 - 2021-11-29
from @protobuf-ts/grpc-transport GitHub release notes
Package name: @protobuf-ts/plugin

Snyk has created this PR to upgrade:
  - protobufjs from 7.2.4 to 7.4.0.
    See this package in npm: https://www.npmjs.com/package/protobufjs
  - @grpc/grpc-js from 1.8.8 to 1.11.1.
    See this package in npm: https://www.npmjs.com/package/@grpc/grpc-js
  - @protobuf-ts/grpc-transport from 2.1.0 to 2.9.4.
    See this package in npm: https://www.npmjs.com/package/@protobuf-ts/grpc-transport
  - @protobuf-ts/plugin from 2.1.0 to 2.9.4.
    See this package in npm: https://www.npmjs.com/package/@protobuf-ts/plugin
  - bson from 4.6.0 to 4.7.2.
    See this package in npm: https://www.npmjs.com/package/bson
  - capture-console from 1.0.1 to 1.0.2.
    See this package in npm: https://www.npmjs.com/package/capture-console
  - chai from 4.3.4 to 4.5.0.
    See this package in npm: https://www.npmjs.com/package/chai
  - date-fns from 2.28.0 to 2.30.0.
    See this package in npm: https://www.npmjs.com/package/date-fns
  - serialize-closures from 0.2.7 to 0.3.0.
    See this package in npm: https://www.npmjs.com/package/serialize-closures
  - ts-closure-transform from 0.1.7 to 0.2.0.
    See this package in npm: https://www.npmjs.com/package/ts-closure-transform

See this project in Snyk:
https://app.snyk.io/org/nielymmah/project/d343865a-7bd3-425b-b173-ea5b2f184df2?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants