[Snyk] Upgrade: , , axios, body-parser, dotenv, express, nodemon, tslint, typescript #40
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @types/express from 4.17.0 to 4.17.21.
See this package in npm: https://www.npmjs.com/package/@types/express
- @xboxreplay/xboxlive-auth from 1.0.1 to 4.0.0.
See this package in npm: https://www.npmjs.com/package/@xboxreplay/xboxlive-auth
- axios from 0.19.0 to 1.7.5.
See this package in npm: https://www.npmjs.com/package/axios
- body-parser from 1.19.0 to 1.20.2.
See this package in npm: https://www.npmjs.com/package/body-parser
- dotenv from 8.0.0 to 16.4.5.
See this package in npm: https://www.npmjs.com/package/dotenv
- express from 4.17.1 to 4.19.2.
See this package in npm: https://www.npmjs.com/package/express
- nodemon from 1.19.1 to 3.1.4.
See this package in npm: https://www.npmjs.com/package/nodemon
- tslint from 5.18.0 to 5.20.1.
See this package in npm: https://www.npmjs.com/package/tslint
- typescript from 3.5.3 to 5.5.4.
See this package in npm: https://www.npmjs.com/package/typescript
See this project in Snyk:
https://app.snyk.io/org/cachiman/project/eb53fe3c-9f44-4f52-bcad-b9b3193111b5?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@types/express
⚠️ This is a major version upgrade, and may be a breaking change | 3 years ago
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
⚠️ This is a major version upgrade, and may be a breaking change | 7 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
from 4.17.0 to 4.17.21 | 21 versions ahead of your current version | 10 months ago
on 2023-11-07
@xboxreplay/xboxlive-auth
from 1.0.1 to 4.0.0 | 17 versions ahead of your current version
on 2021-07-26
axios
from 0.19.0 to 1.7.5 | 62 versions ahead of your current version
on 2024-08-23
body-parser
from 1.19.0 to 1.20.2 | 5 versions ahead of your current version | 2 years ago
on 2023-02-22
dotenv
from 8.0.0 to 16.4.5 | 50 versions ahead of your current version
on 2024-02-20
express
from 4.17.1 to 4.19.2 | 9 versions ahead of your current version | 6 months ago
on 2024-03-25
nodemon
from 1.19.1 to 3.1.4 | 48 versions ahead of your current version
on 2024-06-20
tslint
from 5.18.0 to 5.20.1 | 3 versions ahead of your current version | 5 years ago
on 2019-11-05
typescript
from 3.5.3 to 5.5.4 | 1793 versions ahead of your current version
on 2024-07-22
Issues fixed by the recommended upgrade:
SNYK-JS-AJV-584908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-BODYPARSER-7926860
SNYK-JS-BRACES-6838727
SNYK-JS-DECODEURICOMPONENT-3149970
SNYK-JS-AXIOS-1579269
SNYK-JS-AXIOS-1579269
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-SEMVER-3247795
SNYK-JS-MICROMATCH-6838728
SNYK-JS-TAR-1536528
SNYK-JS-TAR-1536531
SNYK-JS-QS-3153490
SNYK-JS-QS-3153490
SNYK-JS-TAR-1579147
SNYK-JS-TAR-1579152
SNYK-JS-UNSETVALUE-2400660
SNYK-JS-TAR-1579155
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-INI-1048974
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-AXIOS-1038255
SNYK-JS-DOTPROP-543489
SNYK-JS-EXPRESS-6474509
SNYK-JS-EXPRESS-7926867
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-REQUEST-3361831
SNYK-JS-MINIMATCH-3050818
SNYK-JS-MINIMIST-559764
SNYK-JS-MINIMIST-559764
SNYK-JS-PATHPARSE-1077067
SNYK-JS-PATHTOREGEXP-7925106
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-TAR-6476909
SNYK-JS-TOUGHCOOKIE-5672873
SNYK-JS-UNDEFSAFE-548940
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-GLOBPARENT-1016905
SNYK-JS-GOT-2932019
SNYK-JS-FOLLOWREDIRECTS-2396346
SNYK-JS-SEND-7926862
SNYK-JS-SERVESTATIC-7926865
SNYK-JS-MINIMIST-2429795
SNYK-JS-MINIMIST-2429795
SNYK-JS-TAR-1536758
SNYK-JS-FOLLOWREDIRECTS-2396346
npm:debug:20170905
npm:debug:20170905
SNYK-JS-KINDOF-537849
Release notes
Package name: @types/express
-
4.17.21 - 2023-11-07
-
4.17.20 - 2023-10-18
-
4.17.19 - 2023-10-10
-
4.17.18 - 2023-09-23
-
4.17.17 - 2023-02-03
-
4.17.16 - 2023-01-23
-
4.17.15 - 2022-12-13
-
4.17.14 - 2022-09-13
-
4.17.13 - 2021-07-06
-
4.17.12 - 2021-05-25
-
4.17.11 - 2021-01-12
-
4.17.10 - 2021-01-11
-
4.17.9 - 2020-11-11
-
4.17.8 - 2020-09-01
-
4.17.7 - 2020-07-06
-
4.17.6 - 2020-04-09
-
4.17.5 - 2020-04-08
-
4.17.4 - 2020-03-31
-
4.17.3 - 2020-03-03
-
4.17.2 - 2019-11-01
-
4.17.1 - 2019-08-19
-
4.17.0 - 2019-06-04
from @types/express GitHub release notesPackage name: @xboxreplay/xboxlive-auth
-
4.0.0 - 2021-07-26
- Updated documentation
- OAuth2.0 support
- Experimental "device token" generation
- Electron usage example
- Bug fixes and workarounds for known issues
-
4.0.0-beta.5 - 2021-02-25
-
4.0.0-beta.4 - 2021-02-21
-
4.0.0-beta.3 - 2021-02-19
-
4.0.0-beta.2 - 2021-02-19
-
4.0.0-beta.1 - 2021-01-17
-
4.0.0-beta.0 - 2021-01-16
-
3.3.3 - 2021-01-08
-
3.3.2 - 2021-01-08
-
3.3.1 - 2021-01-08
-
3.3.0 - 2020-04-12
-
3.1.1 - 2020-04-12
-
3.0.2 - 2020-04-11
-
3.0.1 - 2020-04-10
- Removed request dependency (deprecated)
- Updated tests (e2e)
- Improved types
- Reworked logic and structure
-
2.2.0 - 2019-08-14
-
2.0.1 - 2019-08-14
-
2.0.0 - 2019-08-11
-
1.0.1 - 2019-07-31
from @xboxreplay/xboxlive-auth GitHub release notesMerge pull request #12 from XboxReplay/hoxfix_missing_build
Bump to 3.3.3
No content.
No content.
Merge pull request #5 from XboxReplay/handle-additional-errors
2.0.0 - Handle additional error cases w/ additional infos
No content.
Package name: axios
-
1.7.5 - 2024-08-23
- adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
- core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
- core: fix
- fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)
Dmitriy Mozgovoy
Antonin Bas
Hans Otto Wirtz
-
1.7.4 - 2024-08-13
- sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
- sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)
Lev Pachmanov
Đỗ Trọng Hải
-
1.7.3 - 2024-08-01
- adapter: fix progress event emitting; (#6518) (e3c76fc)
- fetch: fix withCredentials request config (#6505) (85d4d0e)
- xhr: return original config on errors from XHR adapter (#6515) (8966ee7)
Dmitriy Mozgovoy
Valerii Sidorenko
prianYu
-
1.7.2 - 2024-05-21
- fetch: enhance fetch API detection; (#6413) (4f79aef)
Dmitriy Mozgovoy
-
1.7.1 - 2024-05-20
- fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)
Dmitriy Mozgovoy
-
1.7.0 - 2024-05-19
- adapter: add fetch adapter; (#6371) (a3ff99b)
- core/axios: handle un-writable error stack (#6362) (81e0455)
Dmitriy Mozgovoy
Jay
Alexandre ABRIOUX
-
1.7.0-beta.2 - 2024-05-19
- fetch: capitalize HTTP method names; (#6395) (ad3174a)
- fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
- fetch: fix headers getting from a stream response; (#6401) (870e0a7)
Dmitriy Mozgovoy
-
1.7.0-beta.1 - 2024-05-07
- core/axios: handle un-writable error stack (#6362) (81e0455)
- fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
- fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)
Alexandre ABRIOUX
Dmitriy Mozgovoy
-
1.7.0-beta.0 - 2024-04-28
- adapter: add fetch adapter; (#6371) (a3ff99b)
Dmitriy Mozgovoy
Jay
-
1.6.8 - 2024-03-15
-
1.6.7 - 2024-01-25
-
1.6.6 - 2024-01-24
-
1.6.5 - 2024-01-05
-
1.6.4 - 2024-01-03
-
1.6.3 - 2023-12-26
-
1.6.2 - 2023-11-14
-
1.6.1 - 2023-11-08
-
1.6.0 - 2023-10-26
-
1.5.1 - 2023-09-26
-
1.5.0 - 2023-08-26
-
1.4.0 - 2023-04-27
-
1.3.6 - 2023-04-19
-
1.3.5 - 2023-04-05
-
1.3.4 - 2023-02-22
-
1.3.3 - 2023-02-13
-
1.3.2 - 2023-02-03
-
1.3.1 - 2023-02-01
-
1.3.0 - 2023-01-31
-
1.2.6 - 2023-01-28
-
1.2.5 - 2023-01-26
-
1.2.4 - 2023-01-24
-
1.2.3 - 2023-01-17
-
1.2.2 - 2022-12-29
-
1.2.1 - 2022-12-05
-
1.2.0 - 2022-11-22
-
1.2.0-alpha.1 - 2022-11-10
-
1.1.3 - 2022-10-15
-
1.1.2 - 2022-10-07
-
1.1.1 - 2022-10-07
-
1.1.0 - 2022-10-06
-
1.0.0 - 2022-10-04
-
1.0.0-alpha.1 - 2022-05-31
-
0.28.1 - 2024-03-28
- fix(backport): custom params serializer support (#6263)
- fix(backport): uncaught ReferenceError
-
0.28.0 - 2024-02-12
-
0.27.2 - 2022-04-27
-
0.27.1 - 2022-04-26
-
0.27.0 - 2022-04-25
-
0.26.1 - 2022-03-09
-
0.26.0 - 2022-02-13
-
0.25.0 - 2022-01-18
-
0.24.0 - 2021-10-25
-
0.23.0 - 2021-10-12
-
0.22.0 - 2021-10-01
-
0.21.4 - 2021-09-06
-
0.21.3 - 2021-09-04
-
0.21.2 - 2021-09-04
-
0.21.1 - 2020-12-22
-
0.21.0 - 2020-10-23
-
0.20.0 - 2020-08-21
-
0.20.0-0 - 2020-07-15
-
0.19.2 - 2020-01-22
-
0.19.1 - 2020-01-07
-
0.19.0 - 2019-05-30
from axios GitHub release notesRelease notes:
Bug Fixes
ReferenceError: navigator is not definedfor custom environments; (#6567) (fed1a4b)Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Features
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Install
Release notes:
Features
Contributors to this release
Install
Release notes:
Release notes:
Bug Fixes
reqis not defined (#6307)Package name: body-parser
-
1.20.2 - 2023-02-22
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- perf: skip value escaping when unnecessary
- deps: raw-body@2.5.2
-
1.20.1 - 2022-10-06
- deps: qs@6.11.0
- perf: remove unnecessary object clone
-
1.20.0 - 2022-04-03
- Fix error message for json parse whitespace in
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- Replace internal
- Use instance methods on
- deps: http-errors@2.0.0
- deps: depd@2.0.0
- deps: statuses@2.0.1
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
- deps: http-errors@2.0.0
-
1.19.2 - 2022-02-16
- deps: bytes@3.1.2
- deps: qs@6.9.7
- Fix handling of
- deps: raw-body@2.4.3
- deps: bytes@3.1.2
-
1.19.1 - 2021-12-10
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: inherits@2.0.4
- deps: toidentifier@1.0.1
- deps: setprototypeof@1.2.0
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
-
1.19.0 - 2019-04-26
- deps: bytes@3.1.0
- Add petabyte (
- deps: http-errors@1.7.2
- Set constructor name when possible
- deps: setprototypeof@1.1.1
- deps: statuses@'>= 1.5.0 < 2'
- deps: iconv-lite@0.4.24
- Added encoding MIK
- deps: qs@6.7.0
- Fix parsing array brackets after index
- deps: raw-body@2.4.0
- deps: bytes@3.1.0
- deps: http-errors@1.7.2
- deps: iconv-lite@0.4.24
- deps: type-is@~1.6.17
- deps: mime-types@~2.1.24
- perf: prevent internal
from body-parser GitHub release notesstrictevalusage withFunctionconstructorprocessto check for listeners__proto__keyspb) supportthrowon invalid typePackage name: dotenv
-
16.4.5 - 2024-02-20
-
16.4.4 - 2024-02-13
-
16.4.3 - 2024-02-12
-
16.4.2 - 2024-02-10
-
16.4.1 - 2024-01-24
-
16.4.0 - 2024-01-23
-
16.3.2 - 2024-01-19
-
16.3.1 - 2023-06-17
-
16.3.0 - 2023-06-16
-
16.2.0 - 2023-06-16
-
16.1.4 - 2023-06-04
-
16.1.3 - 2023-05-31
-
16.1.2 - 2023-05-31
-
16.1.1 - 2023-05-31
-
16.1.0 - 2023-05-30
-
16.1.0-rc2 - 2023-05-21
-
16.1.0-rc1 - 2023-04-07
-
16.0.3 - 2022-09-29
-
16.0.2 - 2022-08-30
-
16.0.1 - 2022-05-10
-
16.0.0 - 2022-02-02
-
15.0.1 - 2022-02-02
-
15.0.0 - 2022-01-31
-
14.3.2 - 2022-01-25
-
14.3.1 - 2022-01-25
-
14.3.0 - 2022-01-24
-
14.2.0 - 2022-01-17
-
14.1.1 - 2022-01-17
-
14.1.0 - 2022-01-17
-
14.0.1 - 2022-01-17
-
14.0.0 - 2022-01-17
-
13.0.1 - 2022-01-16
-
13.0.0 - 2022-01-16
-
12.0.4 - 2022-01-16
-
12.0.3 - 2022-01-15
-
12.0.2 - 2022-01-15
-
12.0.1 - 2022-01-15
-
12.0.0 - 2022-01-14
-
11.0.0 - 2022-01-11
-
10.0.0 - 2021-05-21
-
9.0.2 - 2021-05-10
-
9.0.1 - 2021-05-09
-
9.0.0 - 2021-05-05
-
8.6.0 - 2021-05-05
-
8.5.1 - 2021-05-05
-
8.5.0 - 2021-05-05
-
8.4.0 - 2021-05-05
-
8.3.0 - 2021-05-05
-
8.2.0 - 2019-10-16
-
8.1.0 - 2019-08-18
-
8.0.0 - 2019-05-02
from dotenv GitHub release notes16.4.5
16.4.4
16.4.3
16.4.2
16.4.1
16.4.0
16.3.2
16.3.1
16.3.0
16.2.0
Package name: express
What's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors