Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: apollo-server-express, graphql, express, bcrypt, module-alias, mongodb, nodemon, swagger-ui-express, validator #126

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade: apollo-server-express, graphql, express, bcrypt, module-alias, mongodb, nodemon, swagger-ui-express, validator #126

wants to merge 1 commit into from

Conversation

danilocatapan
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

apollo-server-express
from 2.19.1 to 2.26.2 | 40 versions ahead of your current version | a year ago
on 2023-08-30
graphql
from 15.5.1 to 15.9.0 | 9 versions ahead of your current version | 3 months ago
on 2024-06-21
express
from 4.17.1 to 4.19.2 | 9 versions ahead of your current version | 6 months ago
on 2024-03-25
bcrypt
from 5.0.1 to 5.1.1 | 2 versions ahead of your current version | a year ago
on 2023-08-16
module-alias
from 2.2.2 to 2.2.3 | 1 version ahead of your current version | a year ago
on 2023-06-03
mongodb
from 3.6.6 to 3.7.4 | 11 versions ahead of your current version | a year ago
on 2023-06-21
nodemon
from 2.0.7 to 2.0.22 | 25 versions ahead of your current version | a year ago
on 2023-03-22
swagger-ui-express
from 4.1.6 to 4.6.3 | 8 versions ahead of your current version | a year ago
on 2023-05-05
validator
from 13.6.0 to 13.12.0 | 4 versions ahead of your current version | 4 months ago
on 2024-05-09

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 482 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 482 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 482 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 482 Proof of Concept
high severity Prototype Poisoning
SNYK-JS-QS-3153490		 482 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 482 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-SWAGGERUIEXPRESS-6815423		 482 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-SWAGGERUIEXPRESS-6815424		 482 Mature
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		 482 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090600		 482 Proof of Concept
medium severity Open Redirect
SNYK-JS-GOT-2932019		 482 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		 482 Proof of Concept
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118		 482 No Known Exploit
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		 482 No Known Exploit
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-SWAGGERUIDIST-2314884		 482 Mature
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-SWAGGERUIDIST-6056393		 482 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 482 No Known Exploit
medium severity Information Exposure
SNYK-JS-MONGODB-5871303		 482 No Known Exploit
medium severity Information Exposure
SNYK-JS-NODEFETCH-2342118		 482 No Known Exploit
low severity Information Exposure
SNYK-JS-APOLLOSERVERCORE-5876618		 482 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 482 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		 482 Proof of Concept
Release notes
Package name: apollo-server-express
  • 2.26.2 - 2023-08-30
  • 2.26.1 - 2022-10-20
  • 2.26.0 - 2022-08-18
  • 2.25.4 - 2022-05-25
  • 2.25.3 - 2021-11-04
  • 2.25.2 - 2021-06-22
  • 2.25.1 - 2021-06-08
  • 2.25.0 - 2021-05-27
  • 2.25.0-alpha.1 - 2021-05-27
  • 2.25.0-alpha.0 - 2021-05-26
  • 2.24.1 - 2021-05-18
  • 2.24.0 - 2021-04-30
  • 2.24.0-alpha.2 - 2021-04-30
  • 2.24.0-alpha.1 - 2021-04-29
  • 2.24.0-alpha.0 - 2021-04-28
  • 2.23.1-unified2.3 - 2021-04-27
  • 2.23.1-unified2.2 - 2021-04-27
  • 2.23.1-unified2.1 - 2021-04-23
  • 2.23.1-unified2.0 - 2021-04-22
  • 2.23.1-unified.2 - 2021-04-22
  • 2.23.1-unified.0 - 2021-04-22
  • 2.23.0 - 2021-04-14
  • 2.23.0-alpha.1 - 2021-04-09
  • 2.23.0-alpha.0 - 2021-04-09
  • 2.22.2 - 2021-03-29
  • 2.22.2-alpha.0 - 2021-03-29
  • 2.22.1 - 2021-03-26
  • 2.22.0 - 2021-03-26
  • 2.22.0-alpha.0 - 2021-03-22
  • 2.21.2 - 2021-03-18
  • 2.21.2-alpha.0 - 2021-03-16
  • 2.21.1 - 2021-03-08
  • 2.21.1-alpha.0 - 2021-03-06
  • 2.21.0 - 2021-02-12
  • 2.21.0-alpha.2 - 2021-02-11
  • 2.21.0-alpha.1 - 2021-02-11
  • 2.21.0-alpha.0 - 2021-02-11
  • 2.20.0 - 2021-02-09
  • 2.20.0-alpha.0 - 2021-02-09
  • 2.19.2 - 2021-01-14
  • 2.19.1 - 2020-12-22
from apollo-server-express GitHub release notes
Package name: graphql
  • 15.9.0 - 2024-06-21

    v15.9.0 (2024-06-21)

    New Feature 🚀

    • #4120 backport[v15]: Introduce "recommended" validation rules (@ benjie)

    Bug Fix 🐞

    • #3708 Fix crash in node when mixing sync/async resolvers (backport of #3706) (@ chrskrchr)
    • #4000 Backport "Prevent Infinite Loop in OverlappingFieldsCanBeMergedRule" to v15 (@ benjie)

    Internal 🏠

    Committers: 2

  • 15.8.0 - 2021-12-07
  • 15.7.2 - 2021-10-28
  • 15.7.1 - 2021-10-27
  • 15.7.0 - 2021-10-26
  • 15.6.1 - 2021-10-05
  • 15.6.0 - 2021-09-20
  • 15.5.3 - 2021-09-06
  • 15.5.2 - 2021-08-30
  • 15.5.1 - 2021-06-20
from graphql GitHub release notes
Package name: express from express GitHub release notes
Package name: bcrypt from bcrypt GitHub release notes
Package name: module-alias
  • 2.2.3 - 2023-06-03
  • 2.2.2 - 2019-10-01

    Make module-alias work in cli mode #76

from module-alias GitHub release notes
Package name: mongodb
  • 3.7.4 - 2023-06-21

    The MongoDB Node.js team is pleased to announce version 3.7.4 of the mongodb package!

    Release Highlights

    This release fixes a bug that throws a type error when SCRAM-SHA-256 is used with saslprep in a webpacked environment.

    3.7.4 (2023-06-21)

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.7.3 - 2021-10-20
  • 3.7.2 - 2021-10-05
  • 3.7.1 - 2021-09-14
  • 3.7.0 - 2021-08-31
  • 3.6.12 - 2021-08-30
  • 3.6.11 - 2021-08-05
  • 3.6.10 - 2021-07-06
  • 3.6.9 - 2021-05-26
  • 3.6.8 - 2021-05-21
  • 3.6.7 - 2021-05-18
  • 3.6.6 - 2021-04-06
from mongodb GitHub release notes
Package name: nodemon

@snyk-bot
fix: upgrade multiple dependencies with Snyk
367a2c6 
Snyk has created this PR to upgrade:
  - apollo-server-express from 2.19.1 to 2.26.2.
    See this package in npm: https://www.npmjs.com/package/apollo-server-express
  - graphql from 15.5.1 to 15.9.0.
    See this package in npm: https://www.npmjs.com/package/graphql
  - express from 4.17.1 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - bcrypt from 5.0.1 to 5.1.1.
    See this package in npm: https://www.npmjs.com/package/bcrypt
  - module-alias from 2.2.2 to 2.2.3.
    See this package in npm: https://www.npmjs.com/package/module-alias
  - mongodb from 3.6.6 to 3.7.4.
    See this package in npm: https://www.npmjs.com/package/mongodb
  - nodemon from 2.0.7 to 2.0.22.
    See this package in npm: https://www.npmjs.com/package/nodemon
  - swagger-ui-express from 4.1.6 to 4.6.3.
    See this package in npm: https://www.npmjs.com/package/swagger-ui-express
  - validator from 13.6.0 to 13.12.0.
    See this package in npm: https://www.npmjs.com/package/validator

See this project in Snyk:
https://app.snyk.io/org/catapandanilo/project/d0682a5e-259a-4bd5-9439-edcd3c983659?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Defaulting to ts-node is confusing when using ESM loaders Consider removing/replacing update-notifier
2 participants
@danilocatapan @snyk-bot