Skip to content

[Snyk] Security upgrade not-node from 2.8.4 to 6.3.59 #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
interrupter wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade not-node from 2.8.4 to 6.3.59 #66

interrupter wants to merge 1 commit into from

Conversation

@interrupter
Copy link
Owner

@interrupter interrupter commented Mar 24, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 579/1000
Why? Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-NODEEXTEND-73641		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: not-node The new version differs by 250 commits.
  • 7f2994a fix: rmdir replaced by rimraf
  • cbd8474 fix: logic2 populateBuilders handling
  • 6806c7c fix: logic2 populateBuilders handling
  • fc35ced added: Common.partCopyObjExcept
  • ef73955 fix: notRoute routing without and
  • 6b75326 added: IdentityProviderToken support of token object source
  • 1a3b559 fix: logic_v2 bug fixes
  • 519259f logic_v2 merged to master
  • 9456cc7 Merge branch 'logic_v2'
  • 3b93329 added: logic actions exceptions handlers
  • 37b2eb0 fix: success check without document count
  • 6c52687 fix: version
  • 17fa71f fix: model utils to check mongodb driver response on some common queries: insert,update,delete; updated deps: mongoose, mongodb-memory-server
  • 327f50f initial WIP
  • 0332799 fix: Form.createInstructionFromRouteActionFields default instructions set is ['fromBody'], 'xss' added only if schema field type is Schema.Types.String or String
  • 5b9db5b fix: Form fields extractor from actionData, now supports FieldFilter and aliases of fields sets and '-' operation
  • 8f3fff0 added: notField, notFieldModel, notFieldUI, notFieldModelType jsdoc typing
  • 2e00cc6 fix: notManifestFilter wrong model schema name were used
  • 17a8945 fix: notRoute.executeRoute array elements to object if some are undefined
  • 1e07fe1 added: core field
  • 164aafc added: FIELDS param to options of GenericAuthorizedActionForm form builder
  • 4a5ac60 v6.3.43
  • 34a4273 added: template for fields _data generator; forms generator now skips COMMON_FORMS=listAll, listAndCount, delete, get, getRaw, if they already exist
  • 88a3586 fix: template formating for route.manifest & ru locale crud_create_action_form_title name

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@interrupter @snyk-bot