[Snyk] Upgrade: , ajv, archiver, dayjs, dockerode, dotenv, express, express-rate-limit, express-validator, file-type, helmet, http-status, joi, mongoose, papaparse, passport, passport-jwt, redis, swagger-ui-express, winston #990
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @babel/runtime from 7.18.6 to 7.25.0.
See this package in npm: https://www.npmjs.com/package/@babel/runtime
- ajv from 8.11.0 to 8.17.1.
See this package in npm: https://www.npmjs.com/package/ajv
- archiver from 5.3.1 to 5.3.2.
See this package in npm: https://www.npmjs.com/package/archiver
- dayjs from 1.11.3 to 1.11.13.
See this package in npm: https://www.npmjs.com/package/dayjs
- dockerode from 3.3.2 to 3.3.5.
See this package in npm: https://www.npmjs.com/package/dockerode
- dotenv from 16.0.1 to 16.4.5.
See this package in npm: https://www.npmjs.com/package/dotenv
- express from 4.18.1 to 4.19.2.
See this package in npm: https://www.npmjs.com/package/express
- express-rate-limit from 6.4.0 to 6.11.2.
See this package in npm: https://www.npmjs.com/package/express-rate-limit
- express-validator from 6.14.2 to 6.15.0.
See this package in npm: https://www.npmjs.com/package/express-validator
- file-type from 16.5.3 to 16.5.4.
See this package in npm: https://www.npmjs.com/package/file-type
- helmet from 5.1.0 to 5.1.1.
See this package in npm: https://www.npmjs.com/package/helmet
- http-status from 1.5.2 to 1.7.4.
See this package in npm: https://www.npmjs.com/package/http-status
- joi from 17.6.0 to 17.13.3.
See this package in npm: https://www.npmjs.com/package/joi
- mongoose from 6.4.1 to 6.13.0.
See this package in npm: https://www.npmjs.com/package/mongoose
- papaparse from 5.3.2 to 5.4.1.
See this package in npm: https://www.npmjs.com/package/papaparse
- passport from 0.6.0 to 0.7.0.
See this package in npm: https://www.npmjs.com/package/passport
- passport-jwt from 4.0.0 to 4.0.1.
See this package in npm: https://www.npmjs.com/package/passport-jwt
- redis from 4.1.0 to 4.7.0.
See this package in npm: https://www.npmjs.com/package/redis
- swagger-ui-express from 4.4.0 to 4.6.3.
See this package in npm: https://www.npmjs.com/package/swagger-ui-express
- winston from 3.8.0 to 3.14.2.
See this package in npm: https://www.npmjs.com/package/winston
See this project in Snyk:
https://app.snyk.io/org/florentinth/project/79b255c4-1eb2-4abe-b47a-e641ddfba5cb?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@babel/runtime
from 7.18.6 to 7.25.0 | 40 versions ahead of your current version | 2 months ago
on 2024-07-26
ajv
from 8.11.0 to 8.17.1 | 8 versions ahead of your current version | 2 months ago
on 2024-07-12
archiver
from 5.3.1 to 5.3.2 | 1 version ahead of your current version | a year ago
on 2023-08-17
dayjs
from 1.11.3 to 1.11.13 | 10 versions ahead of your current version | 22 days ago
on 2024-08-20
dockerode
from 3.3.2 to 3.3.5 | 3 versions ahead of your current version | a year ago
on 2023-03-12
dotenv
from 16.0.1 to 16.4.5 | 19 versions ahead of your current version | 7 months ago
on 2024-02-20
express
from 4.18.1 to 4.19.2 | 5 versions ahead of your current version | 6 months ago
on 2024-03-25
express-rate-limit
from 6.4.0 to 6.11.2 | 13 versions ahead of your current version | a year ago
on 2023-09-12
express-validator
from 6.14.2 to 6.15.0 | 2 versions ahead of your current version | 2 years ago
on 2023-02-16
file-type
from 16.5.3 to 16.5.4 | 1 version ahead of your current version | 2 years ago
on 2022-07-21
helmet
from 5.1.0 to 5.1.1 | 1 version ahead of your current version | 2 years ago
on 2022-07-23
http-status
from 1.5.2 to 1.7.4 | 9 versions ahead of your current version | 7 months ago
on 2024-02-23
joi
from 17.6.0 to 17.13.3 | 27 versions ahead of your current version | 3 months ago
on 2024-06-19
mongoose
from 6.4.1 to 6.13.0 | 59 versions ahead of your current version | 3 months ago
on 2024-06-06
papaparse
from 5.3.2 to 5.4.1 | 2 versions ahead of your current version | a year ago
on 2023-03-23
passport
from 0.6.0 to 0.7.0 | 1 version ahead of your current version | 9 months ago
on 2023-11-27
passport-jwt
from 4.0.0 to 4.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-12-24
redis
from 4.1.0 to 4.7.0 | 24 versions ahead of your current version | a month ago
on 2024-07-29
swagger-ui-express
from 4.4.0 to 4.6.3 | 5 versions ahead of your current version | a year ago
on 2023-05-05
winston
from 3.8.0 to 3.14.2 | 12 versions ahead of your current version | a month ago
on 2024-08-14
Issues fixed by the recommended upgrade:
SNYK-JS-FILETYPE-2958042
SNYK-JS-IP-6240864
SNYK-JS-MONGOOSE-2961688
SNYK-JS-MONGOOSE-5777721
SNYK-JS-EXPRESS-6474509
SNYK-JS-IP-7148531
SNYK-JS-MONGODB-5871303
SNYK-JS-SIDEWAYFORMULA-3317169
Release notes
Package name: @babel/runtime
-
7.25.0 - 2024-07-26
- #16537
- #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@ liuxingbaoyu)
- #16658 Move
- #16644 Move
- #16645 Move
- #16649 Move
- #16480 Expose wether a module has TLA or not as
- #16569 Introduce
- #16551 Add
- #16579 Add
- #16642 Allow using custom config in
- #16445 Add
- #16678 Print parens around as expressions on the LHS (@ nicolo-ribaudo)
- #15286 fix: Props are lost when the template replaces the node (@ liuxingbaoyu)
- Other
- #16674 bump gulp to 5 (@ JLHwung)
- #16651 Simplify the printing logic for
- #16652 Simplify
- #16461 Some minor parser performance improvements for ts (@ liuxingbaoyu)
- #16670 Reduce redundant
- #16374 Improve
- #16656 Simplify output for anonymous classes with no methods (@ nicolo-ribaudo)
- Artem (@ slatereax)
- Babel Bot (@ babel-bot)
- David Taylor (@ davidtaylorhq)
- Huáng Jùnliàng (@ JLHwung)
- Nicolò Ribaudo (@ nicolo-ribaudo)
- @ liuxingbaoyu
-
7.24.8 - 2024-07-11
- #16567 Do not use strict mode in TS
- #16630 Correctly print parens around
- #16626 Fix printing of comments in
- #16591 fix typescript code generation for yield expression inside type expre… (@ SreeXD)
- #16613 Disallow destructuring assignment in
- #16490 fix: do not add
- #16615 Remove boolean props from
- #16566 fix: Correctly handle
- #16625 Avoid unnecessary parens around
- #16619 Avoid checking
- Amjad Yahia Robeen Hassan (@ amjed-98)
- Babel Bot (@ babel-bot)
- Huáng Jùnliàng (@ JLHwung)
- Jon Kuperman (@ jkup)
- Nagendran N (@ SreeXD)
- Nicolò Ribaudo (@ nicolo-ribaudo)
- Sukka (@ SukkaW)
- @ H0onnn
- @ liuxingbaoyu
-
7.24.7 - 2024-06-05
- #16554 Allow extra flags in babel-node (@ nicolo-ribaudo)
- #16522 fix: incorrect
- #16524 fix: Transform
- #16525 Delete unused array helpers (@ blakewilson)
- Amjad Yahia Robeen Hassan (@ amjed-98)
- Babel Bot (@ babel-bot)
- Blake Wilson (@ blakewilson)
- Huáng Jùnliàng (@ JLHwung)
- Nicolò Ribaudo (@ nicolo-ribaudo)
- Sukka (@ SukkaW)
- @ liuxingbaoyu
-
7.24.6 - 2024-05-24
- #16514 Fix source maps for private member expressions (@ nicolo-ribaudo)
- #16515 Fix source maps for template literals (@ nicolo-ribaudo)
- #16485 Support undecorated static accessor in anonymous classes (@ JLHwung)
- #16484 Fix decorator bare yield await (@ JLHwung)
- #16483 Fix: throw TypeError if addInitializer is called after finished (@ JLHwung)
- #16476 fix: Correctly parse
- #16501 Generate helper metadata at build time (@ nicolo-ribaudo)
- #16499 Add
- #16495 Move all runtime helpers to individual files (@ nicolo-ribaudo)
- #16482 Statically generate boilerplate for bitfield accessors (@ nicolo-ribaudo)
- Other
- #16466 Migrate import assertions syntax (@ JLHwung)
- Amjad Yahia Robeen Hassan (@ amjed-98)
- Babel Bot (@ babel-bot)
- Blake Wilson (@ blakewilson)
- Huáng Jùnliàng (@ JLHwung)
- Lucas Coelho (@ coelhucas)
- Nicolò Ribaudo (@ nicolo-ribaudo)
- Sukka (@ SukkaW)
- Zzzen (@ Zzzen)
- @ liuxingbaoyu
-
7.24.5 - 2024-04-29
- #16377 fix: TypeScript annotation affects output (@ liuxingbaoyu)
- #16440 Fix suppressed error order (@ sossost)
- #16408 Await nullish async disposable (@ JLHwung)
- #16407 Recover from exported
- Other
- #16414 Relax ESLint peerDependency constraint to allow v9 (@ liuxingbaoyu)
- #16425 Improve
- #16417 Always pass type argument to
- #16439 Make
- #16421 Remove
- #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@ nicolo-ribaudo)
- #16357 Performance: improve
- Babel Bot (@ babel-bot)
- Huáng Jùnliàng (@ JLHwung)
- Nicolò Ribaudo (@ nicolo-ribaudo)
- Rom Grk (@ romgrk)
- @ liuxingbaoyu
- ynnsuis (@ sossost)
-
7.24.4 - 2024-04-03
-
7.24.1 - 2024-03-19
-
7.24.0 - 2024-02-28
-
7.23.9 - 2024-01-25
-
7.23.8 - 2024-01-08
-
7.23.7 - 2023-12-29
-
7.23.6 - 2023-12-11
-
7.23.5 - 2023-11-29
-
7.23.4 - 2023-11-20
-
7.23.2 - 2023-10-11
-
7.23.1 - 2023-09-25
-
7.23.0 - 2023-09-25
-
7.22.15 - 2023-09-04
-
7.22.11 - 2023-08-24
-
7.22.10 - 2023-08-07
-
7.22.6 - 2023-07-04
-
7.22.5 - 2023-06-08
-
7.22.3 - 2023-05-27
-
7.22.0 - 2023-05-26
-
7.21.5 - 2023-04-28
-
7.21.4-esm.4 - 2023-04-04
-
7.21.4-esm.3 - 2023-04-04
-
7.21.4-esm.2 - 2023-04-04
-
7.21.4-esm.1 - 2023-04-04
-
7.21.4-esm - 2023-04-04
-
7.21.0 - 2023-02-20
-
7.20.13 - 2023-01-21
-
7.20.7 - 2022-12-22
-
7.20.6 - 2022-11-28
-
7.20.5 - 2022-11-28
-
7.20.1 - 2022-11-01
-
7.20.0 - 2022-10-27
-
7.19.4 - 2022-10-10
-
7.19.0 - 2022-09-05
-
7.18.9 - 2022-07-18
-
7.18.6 - 2022-06-27
from @babel/runtime GitHub release notesv7.25.0 (2024-07-26)
Thanks @ davidtaylorhq and @ slatereax for your first PR!
You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.
👓 Spec Compliance
babel-helpers,babel-plugin-proposal-explicit-resource-management,babel-runtime-corejs3await usingnormative updates (@ JLHwung)babel-plugin-transform-typescript🚀 New Feature
babel-helper-create-class-features-plugin,babel-helper-function-name,babel-helper-plugin-utils,babel-helper-wrap-function,babel-plugin-bugfix-safari-class-field-initializer-scope,babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression,babel-plugin-transform-classes,babel-plugin-transform-function-name,babel-preset-env,babel-traverse,babel-typesensureFunctionNametoNodePath.prototype(@ nicolo-ribaudo)babel-helper-hoist-variables,babel-helper-plugin-utils,babel-plugin-proposal-async-do-expressions,babel-plugin-transform-modules-systemjs,babel-traversehoistVariablestoScope.prototype(@ nicolo-ribaudo)babel-helper-create-class-features-plugin,babel-helper-module-transforms,babel-helper-plugin-utils,babel-helper-split-export-declaration,babel-plugin-transform-classes,babel-traverse,babel-typessplitExportDeclarationtoNodePath.prototype(@ nicolo-ribaudo)babel-helper-create-class-features-plugin,babel-helper-environment-visitor,babel-helper-module-transforms,babel-helper-plugin-utils,babel-helper-remap-async-to-generator,babel-helper-replace-supers,babel-plugin-bugfix-firefox-class-in-computed-class-key,babel-plugin-bugfix-v8-static-class-fields-redefine-readonly,babel-plugin-transform-async-generator-functions,babel-plugin-transform-classes,babel-traverseenvironment-visitorhelper into@ babel/traverse(@ nicolo-ribaudo)babel-core,babel-parser.extra.async(@ nicolo-ribaudo)babel-compat-data,babel-plugin-bugfix-safari-class-field-initializer-scope,babel-preset-envbugfix-safari-class-field-initializer-scope(@ davidtaylorhq)babel-plugin-transform-block-scoping,babel-traverse,babel-typesNodePath#getAssignmentIdentifiers(@ JLHwung)babel-helper-import-to-platform-api,babel-plugin-proposal-json-modulesuncheckedRequireoption for JSON imports to CJS (@ nicolo-ribaudo)babel-helper-transform-fixture-test-runner,babel-nodebabel-node --eval(@ slatereax)babel-compat-data,babel-helper-create-regexp-features-plugin,babel-plugin-proposal-duplicate-named-capturing-groups-regex,babel-plugin-transform-duplicate-named-capturing-groups-regex,babel-preset-env,babel-standaloneduplicate-named-capturing-groups-regextopreset-env(@ JLHwung)🐛 Bug Fix
babel-generatorbabel-template,babel-types🏠 Internal
babel-generator(before ambiguous tokens (@ nicolo-ribaudo)babel-helper-function-name,babel-plugin-transform-arrow-functions,babel-plugin-transform-function-name,babel-preset-env,babel-traversehelper-function-namelogic (@ nicolo-ribaudo)🏃♀️ Performance
babel-parser,babel-plugin-proposal-pipeline-operator🔬 Output optimization
babel-plugin-transform-classesassertThisInitialized(@ liuxingbaoyu)babel-helper-create-class-features-plugin,babel-helper-replace-supers,babel-helpers,babel-plugin-proposal-decorators,babel-plugin-transform-class-properties,babel-plugin-transform-classes,babel-plugin-transform-exponentiation-operator,babel-plugin-transform-object-super,babel-plugin-transform-private-methods,babel-runtime-corejs2,babel-runtime-corejs3,babel-runtimesuper.xoutput (@ liuxingbaoyu)babel-plugin-transform-class-properties,babel-plugin-transform-classesCommitters: 6
v7.24.8 (2024-07-11)
Thanks @ H0onnn, @ jkup and @ SreeXD for your first pull requests!
👓 Spec Compliance
babel-parserdeclare(@ liuxingbaoyu)🐛 Bug Fix
babel-generatorininforheads (@ nicolo-ribaudo)await using(@ nicolo-ribaudo)babel-parserusingdeclarations (@ H0onnn).value: undefinedto regexp literals (@ liuxingbaoyu)babel-typesObjectTypeInternalSlotvisitor keys (@ nicolo-ribaudo)babel-plugin-transform-typescriptexport import x =(@ liuxingbaoyu)💅 Polish
babel-generatorasyncinfor await(@ nicolo-ribaudo)babel-traverseScope.globalsmultiple times (@ liuxingbaoyu)Committers: 9
v7.24.7 (2024-06-05)
🐛 Bug Fix
babel-nodebabel-traverseconstantViolationswith destructuring (@ liuxingbaoyu)babel-helper-transform-fixture-test-runner,babel-plugin-proposal-explicit-resource-managementusinginswitchcorrectly (@ liuxingbaoyu)🏠 Internal
babel-helpers,babel-runtime-corejs2,babel-runtime-corejs3,babel-runtimeCommitters: 7
v7.24.6 (2024-05-24)
Thanks @ amjed-98, @ blakewilson, @ coelhucas, and @ SukkaW for your first PRs!
🐛 Bug Fix
babel-helper-create-class-features-plugin,babel-plugin-transform-class-propertiesbabel-core,babel-generator,babel-plugin-transform-modules-commonjsbabel-helper-create-class-features-plugin,babel-plugin-proposal-decoratorsbabel-helpers,babel-plugin-proposal-decorators,babel-runtime-corejs3babel-parser,babel-plugin-transform-typescriptcls.fn<C> = x(@ liuxingbaoyu)🏠 Internal
babel-core,babel-helpers,babel-plugin-transform-runtime,babel-preset-env,babel-runtime-corejs2,babel-runtime-corejs3,babel-runtimebabel-helperstsconfig.jsonfor@ babel/helpers/src/helpers(@ nicolo-ribaudo)babel-cli,babel-helpers,babel-plugin-external-helpers,babel-plugin-proposal-decorators,babel-plugin-transform-class-properties,babel-plugin-transform-modules-commonjs,babel-plugin-transform-modules-systemjs,babel-plugin-transform-runtime,babel-preset-env,babel-runtime-corejs2,babel-runtime-corejs3,babel-runtimebabel-parser,babel-traverseCommitters: 9
v7.24.5 (2024-04-29)
Thanks @ romgrk and @ sossost for your first PRs!
🐛 Bug Fix
babel-plugin-transform-classes,babel-traversebabel-helpers,babel-plugin-proposal-explicit-resource-management,babel-runtime-corejs3💅 Polish
babel-parserusingdeclaration (@ JLHwung)🏠 Internal
babel-parser@ babel/parserAST types (@ nicolo-ribaudo).startNode(@ nicolo-ribaudo)babel-helper-create-class-features-plugin,babel-helper-member-expression-to-functions,babel-helper-module-transforms,babel-helper-split-export-declaration,babel-helper-wrap-function,babel-helpers,babel-plugin-bugfix-firefox-class-in-computed-class-key,babel-plugin-proposal-explicit-resource-management,babel-plugin-transform-block-scoping,babel-plugin-transform-destructuring,babel-plugin-transform-object-rest-spread,babel-plugin-transform-optional-chaining,babel-plugin-transform-parameters,babel-plugin-transform-private-property-in-object,babel-plugin-transform-react-jsx-self,babel-plugin-transform-typeof-symbol,babel-plugin-transform-typescript,babel-traverseNodePath<T | U>distributive (@ nicolo-ribaudo)babel-plugin-proposal-partial-application,babel-typesJSXNamespacedNamefrom validCallExpressionargs (@ nicolo-ribaudo)babel-plugin-transform-class-properties,babel-preset-env🏃♀️ Performance
babel-helpers,babel-preset-env,babel-runtime-corejs3objectWithoutPropertiesLooseon V8 (@ romgrk)Committers: 6
Package name: ajv
-
8.17.1 - 2024-07-12
- bump version to 8.17.1 by @ jasoniangreen in #2472
-
8.16.0 - 2024-06-04
- Revert fast-uri change by @ jasoniangreen in #2444
-
8.15.0 - 2024-06-03
- Replace
- Bump to 8.15.0 by @ jasoniangreen in #2442
- @ vixalien made their first contribution in #2415
-
8.14.0 - 2024-05-25
- readme: build badge by @ epoberezkin in #2424
- Update workflows by @ rotu in #2410
- docs: add warning to maxLength / minLength by @ jasoniangreen in #2428
- fix: broken link in docs warning by @ jasoniangreen in #2431
- compileAsync a schema with discriminator and $ref, fixes #2427 by @ jasoniangreen in #2433
- bump version to 8.14.0 for publishing by @ jasoniangreen in #2440
- @ rotu made their first contribution in #2410
-
8.13.0 - 2024-04-29
- add named exports
- update dependencies
- update node.js
-
8.12.0 - 2023-01-03
- fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @ piliugin-anton)
- empty JTD "values" schema (#2191)
- empty object to work with JTD utility type (#2158, @ erikbrinkman)
- fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
- correctly narrow "number" type to "integer" (#2192, @ JacobLey)
- update Node.js versions in CI to 14, 16, 18 and 19
-
8.11.2 - 2022-11-13
-
8.11.1 - 2022-11-13
-
8.11.0 - 2022-03-22
from ajv GitHub release notesWhat's Changed
Full Changelog: v8.17.0...v8.17.1
Plus everything in 8.17.0 which failed to release
The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.
Revert "Revert fast-uri change (#2444)" by @ gurgunday in #2448
fix: ignore new eslint error for @ typescript-eslint/no-extraneous-class by @ jasoniangreen in #2455
docs: clarify behaviour of addVocabulary by @ jasoniangreen in #2454
docs: refactor to improve legibility by @ blottn in #2432
Fix grammatical typo in managing-schemas.md by @ wetneb in #2305
docs: Fix broken strict-mode link by @ alexanderjsx in #2459
feat: add test for encoded refs and bump fast-uri by @ jasoniangreen in #2449
fix: changes for @ typescript-eslint/array-type rule by @ jasoniangreen in #2467
fixes #2217 - clarify custom keyword naming by @ jasoniangreen in #2457
What's Changed
Full Changelog: v8.15.0...v8.16.0
What's Changed
uri-jswithfast-uriby @ vixalien in #2415New Contributors
Full Changelog: v8.14.0...v8.15.0
What's Changed
New Contributors
Full Changelog: v8.13.0...v8.14.0
Update dependencies
Export ValidationError and MissingRefError (#1840, @ dannyb648)
Update dependencies
Export ValidationError and MissingRefError (#1840, @ dannyb648)
Use root schemaEnv when resolving references in oneOf (#1901, @ asprouse)
Only use equal function in generated code when it is used (#1922, @ bhvngt)
Package name: archiver
What’s changed
Dependency updates