Skip to content

[Snyk] Security upgrade @feathersjs/authentication from 4.3.3 to 4.5.16 #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
swina wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @feathersjs/authentication from 4.3.3 to 4.5.16 #32

swina wants to merge 1 commit into from

Conversation

@swina
Copy link
Owner

@swina swina commented Jun 20, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @feathersjs/authentication The new version differs by 184 commits.
  • 18872c0 chore(release): publish v4.5.16
  • 1936c64 fix(transport-commons): Crow - fix array dispatching (#3073)
  • f5f7fae chore: Update publishin dist tag
  • 70335c4 fix(dependencies): Update dependencies
  • 141ecac chore: Fix changelog name
  • e81cad0 chore: Get builds and installation working again
  • 1f7ee5c chore: Fix NPM page links an images (#2768)
  • 5fe9644 chore: Moving community from slack to discord (#2736)
  • 1774fe0 chore: Update changelog
  • d0e9600 chore(release): publish v4.5.15
  • 849180f chore: Update package-lock.json
  • 25b6fb5 chore(release): publish v4.5.14
  • 5ec2ec8 fix(transport-commons): Ensure socket queries are always plain objects (#2598)
  • 445e804 fix(rest-client): Import errors from @ feathers/errors (#2591)
  • b5e94c4 chore(release): publish v4.5.13
  • 32356a5 fix: Fix socket.io type dependency (#2526)
  • 7fd94ce chore: Fix changelog
  • 8697ecc chore(release): publish v4.5.12
  • 67a7e31 fix(authentication-oauth): OAuth redirect lost sometimes due to session store race (#2514) (#2515)
  • 1c63e6b fix: Update all dependencies for crow release (#2520)
  • 12ed64e chore: Get crow build passing again
  • 325e633 chore(deps): [security] bump ini from 1.3.5 to 1.3.7 (#2150)
  • 64754a7 chore: Update changelog
  • de05268 chore(release): publish v4.5.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@swina @snyk-bot