[Snyk] Upgrade: bcrypt, cloudinary, dotenv, moment, mongoose, nodemon, socket.io, stripe, validator #6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- bcrypt from 5.0.1 to 5.1.1.
See this package in npm: https://www.npmjs.com/package/bcrypt
- cloudinary from 1.31.0 to 1.41.3.
See this package in npm: https://www.npmjs.com/package/cloudinary
- dotenv from 16.0.2 to 16.4.5.
See this package in npm: https://www.npmjs.com/package/dotenv
- moment from 2.29.4 to 2.30.1.
See this package in npm: https://www.npmjs.com/package/moment
- mongoose from 6.5.4 to 6.13.0.
See this package in npm: https://www.npmjs.com/package/mongoose
- nodemon from 2.0.19 to 2.0.22.
See this package in npm: https://www.npmjs.com/package/nodemon
- socket.io from 4.5.1 to 4.7.5.
See this package in npm: https://www.npmjs.com/package/socket.io
- stripe from 10.7.0 to 10.17.0.
See this package in npm: https://www.npmjs.com/package/stripe
- validator from 13.7.0 to 13.12.0.
See this package in npm: https://www.npmjs.com/package/validator
See this project in Snyk:
https://app.snyk.io/org/kottagenvh/project/1f6e4185-c6f7-40c8-9c37-6f6ec2310bdc?utm_source=github&utm_medium=referral&page=upgrade-pr
❌ Deploy Preview for polite-dragon-8754d9 failed.
|
❌ Deploy Preview for lustrous-crepe-2ddaec failed.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
bcrypt
from 5.0.1 to 5.1.1 | 2 versions ahead of your current version | a year ago
on 2023-08-16
cloudinary
from 1.31.0 to 1.41.3 | 20 versions ahead of your current version | 8 months ago
on 2024-01-18
dotenv
from 16.0.2 to 16.4.5 | 18 versions ahead of your current version | 7 months ago
on 2024-02-20
moment
from 2.29.4 to 2.30.1 | 2 versions ahead of your current version | 9 months ago
on 2023-12-27
mongoose
from 6.5.4 to 6.13.0 | 48 versions ahead of your current version | 3 months ago
on 2024-06-06
nodemon
from 2.0.19 to 2.0.22 | 3 versions ahead of your current version | a year ago
on 2023-03-22
socket.io
from 4.5.1 to 4.7.5 | 13 versions ahead of your current version | 6 months ago
on 2024-03-14
stripe
from 10.7.0 to 10.17.0 | 14 versions ahead of your current version | 2 years ago
on 2022-11-08
validator
from 13.7.0 to 13.12.0 | 3 versions ahead of your current version | 4 months ago
on 2024-05-09
Issues fixed by the recommended upgrade:
SNYK-JS-ENGINEIO-3136336
SNYK-JS-ENGINEIO-5496331
SNYK-JS-IP-6240864
SNYK-JS-MONGOOSE-5777721
SNYK-JS-IP-6240864
SNYK-JS-SOCKETIO-7278048
SNYK-JS-SOCKETIOPARSER-5596892
SNYK-JS-SOCKETIOPARSER-5596892
SNYK-JS-IP-7148531
SNYK-JS-MONGODB-5871303
SNYK-JS-IP-7148531
SNYK-JS-TAR-6476909
SNYK-JS-VM2-5537079
SNYK-JS-WORDWRAP-3149973
SNYK-JS-VM2-5415299
SNYK-JS-VM2-5422057
SNYK-JS-VM2-5426093
SNYK-JS-VM2-5537100
SNYK-JS-VM2-5772823
SNYK-JS-VM2-5772825
Release notes
Package name: bcrypt
-
5.1.1 - 2023-08-16
- Refactored example with async await by @ lpizzinidev in #894
- Fixed z/OS build issue by @ laijonathan in #968
- Update dependencies by @ recrsn in #993
- @ lpizzinidev made their first contribution in #894
- @ laijonathan made their first contribution in #968
-
5.1.0 - 2022-10-06
- Update node-pre-gyp to 1.0.2 by @ feuxfollets1013 in #865
- Update README for inclusion of musl by @ arbourd in #883
- Version bump, security updates to sub dep npmlog by @ adaniels-parabol in #905
- document ESM usage (#892) by @ mariusa in #899
- fix: update travis CI Docker image repository by @ cokia in #930
- Update node versions in appveyor test matrix by @ p-kuen in #936
- chore(appveyor): not use latest npm by @ cokia in #932
- chore: update Appveyor readme badge by @ cokia in #933
- Use Github actions for CI by @ recrsn in #858
- Update dependencies by @ recrsn in #953
- Migrate tests to use Jest by @ recrsn in #958
- Pin NAPI to v3 by @ recrsn in #959
- @ feuxfollets1013 made their first contribution in #865
- @ arbourd made their first contribution in #883
- @ adaniels-parabol made their first contribution in #905
- @ mariusa made their first contribution in #899
- @ cokia made their first contribution in #930
- @ p-kuen made their first contribution in #936
-
5.0.1 - 2021-02-26
from bcrypt GitHub release notesWhat's Changed
New Contributors
Full Changelog: v5.1.0...v5.1.1
What's Changed
New Contributors
Full Changelog: v5.0.1...v5.1.0
Update
node-pre-gypto 1.0.0Package name: cloudinary
-
1.41.3 - 2024-01-18
-
1.41.2 - 2024-01-08
-
1.41.1 - 2023-12-18
-
1.41.0 - 2023-09-26
-
1.40.0 - 2023-07-31
-
1.39.0 - 2023-07-24
-
1.38.0 - 2023-07-20
-
1.37.3 - 2023-06-26
-
1.37.2 - 2023-06-19
-
1.37.1 - 2023-06-09
-
1.37.0 - 2023-05-16
-
1.36.4 - 2023-05-02
-
1.36.3 - 2023-05-02
-
1.36.2 - 2023-04-24
-
1.36.1 - 2023-04-13
-
1.36.0 - 2023-04-13
-
1.35.0 - 2023-03-03
-
1.34.0 - 2023-02-13
-
1.33.0 - 2022-12-15
-
1.32.0 - 2022-09-14
-
1.31.0 - 2022-08-28
from cloudinary GitHub release notesPackage name: dotenv
-
16.4.5 - 2024-02-20
-
16.4.4 - 2024-02-13
-
16.4.3 - 2024-02-12
-
16.4.2 - 2024-02-10
-
16.4.1 - 2024-01-24
-
16.4.0 - 2024-01-23
-
16.3.2 - 2024-01-19
-
16.3.1 - 2023-06-17
-
16.3.0 - 2023-06-16
-
16.2.0 - 2023-06-16
-
16.1.4 - 2023-06-04
-
16.1.3 - 2023-05-31
-
16.1.2 - 2023-05-31
-
16.1.1 - 2023-05-31
-
16.1.0 - 2023-05-30
-
16.1.0-rc2 - 2023-05-21
-
16.1.0-rc1 - 2023-04-07
-
16.0.3 - 2022-09-29
-
16.0.2 - 2022-08-30
from dotenv GitHub release notes16.4.5
16.4.4
16.4.3
16.4.2
16.4.1
16.4.0
16.3.2
16.3.1
16.3.0
16.2.0
Package name: moment
-
2.30.1 - 2023-12-27
-
2.30.0 - 2023-12-26
-
2.29.4 - 2022-07-06
from moment GitHub release notes2.30.1
2.30.0
2.29.4
Package name: mongoose
-
6.13.0 - 2024-06-06
-
6.12.9 - 2024-05-24
-
6.12.8 - 2024-04-10
-
6.12.7 - 2024-03-01
-
6.12.6 - 2024-01-22
-
6.12.5 - 2024-01-03
-
6.12.4 - 2023-12-27
-
6.12.3 - 2023-11-07
-
6.12.2 - 2023-10-25
-
6.12.1 - 2023-10-12
-
6.12.0 - 2023-08-24
-
6.11.6 - 2023-08-21
-
6.11.5 - 2023-08-01
-
6.11.4 - 2023-07-17
-
6.11.3 - 2023-07-11
-
6.11.2 - 2023-06-08
-
6.11.1 - 2023-05-08
-
6.11.0 - 2023-05-01
-
6.10.5 - 2023-04-06
-
6.10.4 - 2023-03-21
-
6.10.3 - 2023-03-13
-
6.10.2 - 2023-03-07
-
6.10.1 - 2023-03-03
-
6.10.0 - 2023-02-22
-
6.9.3 - 2023-02-22
-
6.9.2 - 2023-02-16
-
6.9.1 - 2023-02-06
-
6.9.0 - 2023-01-25
-
6.8.4 - 2023-01-17
-
6.8.3 - 2023-01-06
-
6.8.2 - 2022-12-28
-
6.8.1 - 2022-12-19
-
6.8.0 - 2022-12-05
-
6.7.5 - 2022-11-30
-
6.7.4 - 2022-11-28
-
6.7.3 - 2022-11-22
-
6.7.2 - 2022-11-07
-
6.7.1 - 2022-11-02
-
6.7.0 - 2022-10-24
-
6.6.7 - 2022-10-21
-
6.6.6 - 2022-10-20
-
6.6.5 - 2022-10-05
-
6.6.4 - 2022-10-03
-
6.6.3 - 2022-09-30
-
6.6.2 - 2022-09-26
-
6.6.1 - 2022-09-14
-
6.6.0 - 2022-09-08
-
6.5.5 - 2022-09-07
-
6.5.4 - 2022-08-30
from mongoose GitHub release notesPackage name: nodemon
-
2.0.22 - 2023-03-22
- remove ts mapping if loader present (f7816e4), closes #2083
-
2.0.21 - 2023-03-02
- remove ts mapping if loader present (1468397), closes #2083
-
2.0.20 - 2022-09-16
- remove postinstall script (e099e91)
-
2.0.19 - 2022-07-05
- Replace update notifier with simplified deps (#2033) (176c4a6), closes #1961 #2028
from nodemon GitHub release notes2.0.22 (2023-03-22)
Bug Fixes
2.0.21 (2023-03-02)
Bug Fixes
2.0.20 (2022-09-16)
Bug Fixes
2.0.19 (2022-07-05)
Bug Fixes
Package name: socket.io
-
4.7.5 - 2024-03-14
-
4.7.4 - 2024-01-12
-
4.7.3 - 2024-01-03
-
4.7.2 - 2023-08-02
-
4.7.1 - 2023-06-28
-
4.7.0 - 2023-06-22
-
4.6.2 - 2023-05-31
-
4.6.1 - 2023-02-20
-
4.6.0 - 2023-02-07
-
4.6.0-alpha1 - 2023-01-25
-
4.5.4 - 2022-11-22
-
4.5.3 - 2022-10-15
-
4.5.2 - 2022-09-02
-
4.5.1 - 2022-05-17
from socket.io GitHub release notesPackage name: stripe
-
10.17.0 - 2022-11-08
- #1610 API Updates
- Add support for new values
- Add support for new values
- Add support for
- Add support for new value
-
10.16.0 - 2022-11-03
- #1596 API Updates
- Add support for
- Add support for
-
10.16.0-beta.2 - 2022-11-02
- #1598 API Updates for beta branch
- Updated beta APIs to the latest stable version
- Add support for
- Add support for
- Add support for
-
10.16.0-beta.1 - 2022-10-22
- #1589 API Updates for beta branch
- Updated stable APIs to the latest version
- Add support for new value
- Add support for
- Add support for
- Add support for new value
- Add support for
-
10.15.0 - 2022-10-20
- #1588 API Updates
- Add support for new values
- Add support for new values
- Add support for
- #1585 use native UUID method if available
-
10.15.0-beta.1 - 2022-10-14
- Add support for
- Add support for new value
- Add support for new values
-
10.14.0 - 2022-10-13
- #1582 API Updates
- Add support for new values
- Add support for
- Add support for
⚠️ Remove
-
10.14.0-beta.1 - 2022-10-07
- #1572 API Updates for beta branch
- Updated stable APIs to the latest version
-
10.13.0 - 2022-10-06
- #1571 API Updates
- Add support for new value
- Add support for new value
- Add support for new values
- Add support for
- #1570 Update node-fetch to 2.6.7
- #1568 Upgrade dependencies
- #1567 Fix release tag calculation
-
10.12.0 - 2022-09-29
- #1564 API Updates
- Change type of
- Add support for
- Add support for
- Deprecate
- #1563 Migrate other Stripe infrastructure to TS
- #1562 Restore lib after generating
- #1551 Re-introduce Typescript changes
-
10.12.0-beta.1 - 2022-09-26
-
10.11.0 - 2022-09-22
-
10.10.0 - 2022-09-15
-
10.8.0 - 2022-09-07
-
10.7.0 - 2022-08-31
from stripe GitHub release noteseg_tin,ph_tin, andtr_tinon enumsCheckout.Session.customer_details.tax_ids[].type,Invoice.customer_tax_ids[].type,Order.tax_details.tax_ids[].type, andTaxId.typeeg_tin,ph_tin, andtr_tinon enumsCustomerCreateParams.tax_id_data[].type,InvoiceUpcomingLinesParams.customer_details.tax_ids[].type,InvoiceUpcomingParams.customer_details.tax_ids[].type,OrderCreateParams.tax_details.tax_ids[].type,OrderUpdateParams.tax_details.tax_ids[].type, andTaxIdCreateParams.typereason_messageonIssuing.Authorization.request_history[]webhook_erroron enumIssuing.Authorization.request_history[].reasonSee the changelog for more details.
on_behalf_ofonCheckoutSessionCreateParams.subscription_data,SubscriptionCreateParams,SubscriptionSchedule.default_settings,SubscriptionSchedule.phases[],SubscriptionScheduleCreateParams.default_settings,SubscriptionScheduleCreateParams.phases[],SubscriptionScheduleUpdateParams.default_settings,SubscriptionScheduleUpdateParams.phases[],SubscriptionUpdateParams, andSubscriptiontax_behaviorandtax_codeonInvoiceItemCreateParams,InvoiceItemUpdateParams,InvoiceUpcomingLinesParams.invoice_items[], andInvoiceUpcomingParams.invoice_items[]See the changelog for more details.
cashappPaymentsandzipPaymentsonAccount.cashappandziponCharge,PaymentMethod.trialSettingsonSubscriptionSchedule.See the changelog for more details.
revokedon enumCapitalFinancingOfferListParams.statuspaypalonCharge.payment_method_detailsandSourcenetwork_dataonIssuing.Transactionpaypalon enumSource.typebilling_cycle_anchoronSubscriptionScheduleAmendParams.amendments[]See the changelog for more details.
jp_trnandke_pinon enumsCheckout.Session.customer_details.tax_ids[].type,Invoice.customer_tax_ids[].type,Order.tax_details.tax_ids[].type, andTaxId.typejp_trnandke_pinon enumsCustomerCreateParams.tax_id_data[].type,InvoiceUpcomingLinesParams.customer_details.tax_ids[].type,InvoiceUpcomingParams.customer_details.tax_ids[].type,OrderCreateParams.tax_details.tax_ids[].type,OrderUpdateParams.tax_details.tax_ids[].type, andTaxIdCreateParams.typetippingonTerminal.Reader.action.process_payment_intent.process_configandTerminalReaderProcessPaymentIntentParams.process_configSee the changelog for more details.
schedule_settingsonSubscriptionScheduleAmendParamsupcoming_invoiceon enumSubscriptionScheduleAmendParams.amendments[].amendment_end.typeschedule_endandupcoming_invoiceon enumSubscriptionScheduleAmendParams.amendments[].amendment_start.typeSee the changelog for more details.
invalid_representative_countryandverification_failed_residential_addresson enumsAccount.future_requirements.errors[].code,Account.requirements.errors[].code,Capability.future_requirements.errors[].code,Capability.requirements.errors[].code,Person.future_requirements.errors[].code, andPerson.requirements.errors[].coderequest_log_urlonStripeErrorobjectsnetwork_dataonIssuing.Authorizationcurrency,description,images, andnamefromCheckout.SessionCreateParams. These properties do not work on the latest API version. (fixes #1575)See the changelog for more details.
See the changelog for more details.
invalid_dob_age_under_18on enumsAccount.future_requirements.errors[].code,Account.requirements.errors[].code,Capability.future_requirements.errors[].code,Capability.requirements.errors[].code,Person.future_requirements.errors[].code, andPerson.requirements.errors[].codebank_of_chinaon enumsCharge.payment_method_details.fpx.bank,PaymentIntentConfirmParams.payment_method_data.fpx.bank,PaymentIntentCreateParams.payment_method_data.fpx.bank,PaymentIntentUpdateParams.payment_method_data.fpx.bank,PaymentMethod.fpx.bank,PaymentMethodCreateParams.fpx.bank,SetupIntentConfirmParams.payment_method_data.fpx.bank,SetupIntentCreateParams.payment_method_data.fpx.bank, andSetupIntentUpdateParams.payment_method_data.fpx.bankAmerica/Nuuk,Europe/Kyiv, andPacific/Kantonon enumReportingReportRunCreateParams.parameters.timezoneklarnaonSetupAttempt.payment_method_detailsSee the changelog for more details.
Charge.payment_method_details.card_present.incremental_authorization_supportedandCharge.payment_method_details.card_present.overcapture_supportedfromboolean | nulltobooleancreatedonCheckout.Sessionsetup_future_usageonPaymentIntent.payment_method_options.pix,PaymentIntentConfirmParams.payment_method_options.pix,PaymentIntentCreateParams.payment_method_options.pix, andPaymentIntentUpdateParams.payment_method_options.pixCheckoutSessionCreateParams.subscription_data.items(use theline_itemsparam instead). This will be removed in the next major version.See the changelog for more details.
Package name: validator
What's Changed
New Features / Validators
isAbaRouting@ songyuewFixes, New Locales and Enhancements
isLicensePlateadd Pakistanien-PKlocale @ anasshakilisPortfix invalid leading zeros @ anasshakilisTaxIDadded Argentinaes-ARlocale @ estefrareisDatetimezone offset fix @ tomaspanekisPassportNumberaddedZAlocale @ GMorris-professionalisMobilePhone:en-MWlocale @ SimranSiddiquiam-AMlocale @ AlexKrupkoisPostalAddressfixNLlocale @ RobinvanderVlietisISO4217addSLEcurrency @ urgisStrongPasswordfix symbolRegex to include\@ nandavikasisVATfixedKZlocale @ MatthieuLemoineisAlpha,isAlphanumericaddedeolocale @ RobinvanderVlietisIBANadd AlgeriaDZlocale @ thibault-lrisVATimproveAUlocale @ matthewberrymanisUUIDadd support for v7 @ rusconisTaxIDadd Ukraineuk-UAlocale @ arttigerisDatedisallow hiphen before year @ Sumit-tech-joshiNew Contributors