
[Snyk] Fix for 1 vulnerabilities

Open adenhertog opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: medium severity
  • Priority Score (*): 531/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.2)
  • Issue: Prototype Pollution, SNYK-JS-CLASSTRANSFORMER-564431
  • Breaking Change: No
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @node-ts/bus-core
The new version differs by 31 commits.
  • 2fad734 Publish
  • b15a9c9 yarn lock
  • d6f5028 [Snyk] Upgrade @types/node from 12.12.38 to 12.12.39 (#71)
  • 9e4b886 Bump websocket-extensions from 0.1.3 to 0.1.4 (#72)
  • 7b4afb1 fix: upgrade tslib from 1.9.3 to 1.13.0 (#76)
  • 3ee230e fix: upgrade class-transformer from 0.2.3 to 0.3.1 (#82)
  • 6a8786c Bump lodash from 4.17.11 to 4.17.19 (#77)
  • 876ac25 Bump lodash from 4.17.15 to 4.17.19 in /packages/bus-core (#78)
  • 1733fac fix: upgrade amqplib from 0.5.6 to 0.6.0 (#79)
  • 1e9aab7 Bump elliptic from 6.4.1 to 6.5.3 (#80)
  • 0f74a84 fix: packages/bus-core/package.json & packages/bus-core/yarn.lock to reduce vulnerabilities (#81)
  • 609e10f Bump class-transformer from 0.2.3 to 0.3.1 in /packages/bus-core (#83)
  • 958a734 Bump class-transformer from 0.2.3 to 0.3.1 (#84)
  • f2fe8f3 Bump class-transformer from 0.2.3 to 0.3.1 in /packages/bus-sqs (#85)
  • 33bedc1 Bump prismjs from 1.16.0 to 1.21.0 (#86)
  • 49e91bf Bump handlebars from 4.5.1 to 4.7.6 (#89)
  • a713154 Bump http-proxy from 1.17.0 to 1.18.1 (#90)
  • f55edc7 Bump node-fetch from 2.3.0 to 2.6.1 (#91)
  • a1cb974 Bump ini from 1.3.5 to 1.3.7 (#97)
  • 00aab37 Publish
  • a75d625 Sync SQS Attributes for existing SQS queue (#94)
  • bde81c4 Publish
  • ec13b69 Change default DLQ message retention to 14 days (#93)
  • 66b9f10 Publish


Package name: @node-ts/bus-rabbitmq
The new version differs by 2 commits.


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


adenhertog, Feb 01 '21 01:02