[Snyk] Upgrade bcrypt from 5.0.1 to 5.1.1 #21

rntvicente · 2024-05-21T01:59:58Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade bcrypt from 5.0.1 to 5.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 2 versions ahead of your current version.
The recommended version was released 9 months ago, on 2023-08-16.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary File Overwrite SNYK-JS-TAR-1536528	410/1000 Why? CVSS 8.2	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	410/1000 Why? CVSS 8.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	410/1000 Why? CVSS 8.2	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579147	410/1000 Why? CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	410/1000 Why? CVSS 8.2	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	410/1000 Why? CVSS 8.2	No Known Exploit
Information Exposure SNYK-JS-NODEFETCH-2342118	410/1000 Why? CVSS 8.2	No Known Exploit
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	410/1000 Why? CVSS 8.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	410/1000 Why? CVSS 8.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: bcrypt

5.1.1 - 2023-08-16
What's Changed
- Refactored example with async await by @ lpizzinidev in #894
- Fixed z/OS build issue by @ laijonathan in #968
- Update dependencies by @ recrsn in #993
New Contributors
- @ lpizzinidev made their first contribution in #894
- @ laijonathan made their first contribution in #968
Full Changelog: v5.1.0...v5.1.1
5.1.0 - 2022-10-06
What's Changed
- Update node-pre-gyp to 1.0.2 by @ feuxfollets1013 in #865
- Update README for inclusion of musl by @ arbourd in #883
- Version bump, security updates to sub dep npmlog by @ adaniels-parabol in #905
- document ESM usage (#892) by @ mariusa in #899
- fix: update travis CI Docker image repository by @ cokia in #930
- Update node versions in appveyor test matrix by @ p-kuen in #936
- chore(appveyor): not use latest npm by @ cokia in #932
- chore: update Appveyor readme badge by @ cokia in #933
- Use Github actions for CI by @ recrsn in #858
- Update dependencies by @ recrsn in #953
- Migrate tests to use Jest by @ recrsn in #958
- Pin NAPI to v3 by @ recrsn in #959
New Contributors
- @ feuxfollets1013 made their first contribution in #865
- @ arbourd made their first contribution in #883
- @ adaniels-parabol made their first contribution in #905
- @ mariusa made their first contribution in #899
- @ cokia made their first contribution in #930
- @ p-kuen made their first contribution in #936
Full Changelog: v5.0.1...v5.1.0
5.0.1 - 2021-02-26
Update node-pre-gyp to 1.0.0

from bcrypt GitHub release notes

Commit messages

Package name: bcrypt

a0a88a8 Update script for packaging inside docker
1969d96 Run github actions for windows, macos, linux
33043f5 v5.1.1
571d7ab Merge pull request #993 from kelektiv/deps-update
24aa2a2 Update dependencies
11d2ddd Merge pull request #968 from laijonathan/zos_fix
0884c5b Merge pull request #894 from lpizzinidev/patch-1
fc225b1 Merge pull request #960 from kelektiv/release-v5-1-0
809ad03 Prepare for v5.1.0
9eec9e8 Merge pull request #959 from kelektiv/release-v5-1-0
b309eaf Pin NAPI to v3
9d6516a Merge pull request #958 from kelektiv/jest
5a2b952 Increase test timeout
8d201d1 Move tests to use Jest
5a7082a Merge pull request #955 from kelektiv/github-actions
fd00ae0 reverted bcrypt.js changes
4c99e9e fix build errors
ee9117c changed node version <16
e08fdff added napi exception flag
ac42d3f added node < v16 condition
8ce7edc removed -q flags
fa5bc55 Fix github actions
86aa111 Merge pull request #953 from kelektiv/version-update
094dc94 Remove x86 for newer node

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Snyk has created this PR to upgrade bcrypt from 5.0.1 to 5.1.1. See this package in npm: bcrypt See this project in Snyk: https://app.snyk.io/org/rntvicente/project/40ea9495-6891-47b8-acbd-83f2154e6421?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade bcrypt from 5.0.1 to 5.1.1 #21

[Snyk] Upgrade bcrypt from 5.0.1 to 5.1.1 #21

Uh oh!

rntvicente commented May 21, 2024

What's Changed

New Contributors

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Upgrade bcrypt from 5.0.1 to 5.1.1 #21

Are you sure you want to change the base?

[Snyk] Upgrade bcrypt from 5.0.1 to 5.1.1 #21

Uh oh!

Conversation

rntvicente commented May 21, 2024

Snyk has created this PR to upgrade bcrypt from 5.0.1 to 5.1.1.

What's Changed

New Contributors

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants