[Snyk] Upgrade: dayjs, dotenv, express, mongodb-memory-server, mongoose, nanoid, pino, pino-pretty, zod #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- dayjs from 1.11.10 to 1.11.13.
See this package in npm: https://www.npmjs.com/package/dayjs
- dotenv from 16.3.1 to 16.4.5.
See this package in npm: https://www.npmjs.com/package/dotenv
- express from 4.18.2 to 4.19.2.
See this package in npm: https://www.npmjs.com/package/express
- mongodb-memory-server from 8.15.1 to 8.16.1.
See this package in npm: https://www.npmjs.com/package/mongodb-memory-server
- mongoose from 7.5.3 to 7.8.1.
See this package in npm: https://www.npmjs.com/package/mongoose
- nanoid from 3.3.4 to 3.3.7.
See this package in npm: https://www.npmjs.com/package/nanoid
- pino from 8.15.3 to 8.21.0.
See this package in npm: https://www.npmjs.com/package/pino
- pino-pretty from 10.2.0 to 10.3.1.
See this package in npm: https://www.npmjs.com/package/pino-pretty
- zod from 3.22.2 to 3.23.8.
See this package in npm: https://www.npmjs.com/package/zod
See this project in Snyk:
https://app.snyk.io/org/sandaru-it21001352/project/c5c6744f-bfd7-4944-a2cd-63baf288e2d8?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
dayjs
from 1.11.10 to 1.11.13 | 3 versions ahead of your current version | a month ago
on 2024-08-20
dotenv
from 16.3.1 to 16.4.5 | 7 versions ahead of your current version | 7 months ago
on 2024-02-20
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
mongodb-memory-server
from 8.15.1 to 8.16.1 | 2 versions ahead of your current version | 2 months ago
on 2024-07-13
mongoose
from 7.5.3 to 7.8.1 | 18 versions ahead of your current version | a month ago
on 2024-08-19
nanoid
from 3.3.4 to 3.3.7 | 3 versions ahead of your current version | 10 months ago
on 2023-11-06
pino
from 8.15.3 to 8.21.0 | 14 versions ahead of your current version | 5 months ago
on 2024-04-24
pino-pretty
from 10.2.0 to 10.3.1 | 5 versions ahead of your current version | 9 months ago
on 2023-12-27
zod
from 3.22.2 to 3.23.8 | 67 versions ahead of your current version | 4 months ago
on 2024-05-08
Issues fixed by the recommended upgrade:
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-ZOD-5925617
SNYK-JS-IP-6240864
SNYK-JS-EXPRESS-6474509
SNYK-JS-FASTXMLPARSER-7573289
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-IP-7148531
Release notes
Package name: dayjs
-
1.11.13 - 2024-08-20
- customParseFormat supports Q quter / w ww weekOfYear (#2705) (8ca74f1)
-
1.11.12 - 2024-07-18
- Add NegativeYear Plugin support (#2640) (6a42e0d)
- add UTC support to negativeYear plugin (#2692) (f3ef705)
- Fix zero offset issue when use tz with locale (#2532) (d0e6738)
- Improve typing for min/max plugin (#2573) (4fbe94a)
- timezone plugin currect parse UTC tz (#2693) (b575c81)
-
1.11.11 - 2024-04-28
- day of week type literal (#2630) (f68d73e)
- improve locale "zh-hk" format and meridiem (#2419) (a947a51)
- Update 'da' locale to match correct first week of year (#2592) (44b0936)
- update locale Bulgarian monthsShort Jan (#2538) (f0c9a41)
-
1.11.10 - 2023-09-19
- Add Korean Day of Month with ordinal (#2395) (dd55ee2)
- change back fa locale to the Gregorian calendar equivalent (#2411) (95e9458)
- duration plugin - MILLISECONDS_A_MONTH const calculation (#2362) (f0a0b54)
- duration plugin getter get result 0 instead of undefined (#2369) (061aa7e)
- fix isDayjs check logic (#2383) (5f3f878)
- fix timezone plugin to get correct locale setting (#2420) (4f45012)
- locale: add meridiem in
- round durations to millisecond precision for ISO string (#2367) (890a17a)
- sub-second precisions need to be rounded at the seconds field to avoid adding floats (#2377) (a9d7d03)
- update $x logic to avoid plugin error (#2429) (2254635)
- Update Slovenian locale for relative time (#2396) (5470a15)
- update uzbek language translation (#2327) (0a91056)
from dayjs GitHub release notes1.11.13 (2024-08-20)
Bug Fixes
1.11.12 (2024-07-18)
Bug Fixes
1.11.11 (2024-04-28)
Bug Fixes
1.11.10 (2023-09-19)
Bug Fixes
arlocale (#2418) (361be5c)Package name: dotenv
-
16.4.5 - 2024-02-20
-
16.4.4 - 2024-02-13
-
16.4.3 - 2024-02-12
-
16.4.2 - 2024-02-10
-
16.4.1 - 2024-01-24
-
16.4.0 - 2024-01-23
-
16.3.2 - 2024-01-19
-
16.3.1 - 2023-06-17
from dotenv GitHub release notes16.4.5
16.4.4
16.4.3
16.4.2
16.4.1
16.4.0
16.3.2
16.3.1
Package name: express
-
4.19.2 - 2024-03-25
-
4.19.1 - 2024-03-20
- Fix ci after location patch by @ wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556
-
4.19.0 - 2024-03-20
- fix typo in release date by @ UlisesGascon in #5527
- docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
- docs: loosen TC activity rules by @ wesleytodd in #5510
- Add note on how to update docs for new release by @ crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @ wesleytodd in #5551
- @ crandmck made their first contribution in #5541
-
4.18.3 - 2024-02-29
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add Node.js@19.7 by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
-
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
- deps: qs@6.11.0
from express GitHub release notesWhat's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors
Full Changelog: 4.18.2...4.18.3
Package name: mongodb-memory-server
-
8.16.1 - 2024-07-13
- trigger release (62f43e7)
- errors: fix lint (4137d32)
-
8.16.0 - 2023-10-05
-
8.15.1 - 2023-08-17
from mongodb-memory-server GitHub release notes8.16.1 (2024-07-13)
Note: This is purely a documentational update, no functionality has changed (aside from error messages)
Fixes
Style
Package name: mongoose
-
7.8.1 - 2024-08-19
-
7.8.0 - 2024-07-23
-
7.7.0 - 2024-06-18
-
7.6.13 - 2024-06-05
-
7.6.12 - 2024-05-21
-
7.6.11 - 2024-04-11
-
7.6.10 - 2024-03-13
-
7.6.9 - 2024-02-26
-
7.6.8 - 2024-01-08
-
7.6.7 - 2023-12-06
-
7.6.6 - 2023-11-27
-
7.6.5 - 2023-11-14
-
7.6.4 - 2023-10-30
-
7.6.3 - 2023-10-17
-
7.6.2 - 2023-10-13
-
7.6.1 - 2023-10-09
-
7.6.0 - 2023-10-06
-
7.5.4 - 2023-10-04
-
7.5.3 - 2023-09-25
from mongoose GitHub release noteschore: release 7.8.1
Package name: nanoid
-
3.3.7 - 2023-11-06
-
3.3.6 - 2023-03-26
-
3.3.5 - 2023-03-26
-
3.3.4 - 2022-05-03
from nanoid GitHub release notes3.3.7
Package name: pino
What's Changed
New Contributors
Full Changelog: v8.20.0...v8.21.0
What's Changed
setBindingsby @ alecmev in #1928New Contributors
Full Changelog: v8.19.0...v8.20.0
What's Changed
formattersoption to the browser pino by @ KatelynKim in #1898setLevelshould respect level comparison option by @ obrus-corcentric in #1901New Contributors
Full Changelog: v8.18.0...v8.19.0
What's Changed
pino'sstreamparameter by @ quisido in #1874New Contributors