Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade express-cassandra from 2.2.3 to 2.9.0 #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade express-cassandra from 2.2.3 to 2.9.0 #5

wants to merge 1 commit into from

Conversation

abhishekpnt
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade express-cassandra from 2.2.3 to 2.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released 9 months ago, on 2023-04-01.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-LODASH-567746		 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express-cassandra from express-cassandra GitHub release notes
Commit messages
Package name: express-cassandra
  • e5dff15 chore: version bump for v2.9.0
  • a59c1f9 Merge pull request #264 from masumsoft/dependabot/npm_and_yarn/trim-newlines-and-echo-cli--removed
  • d9f5769 build(deps): bump trim-newlines and echo-cli
  • 1ebe459 chore: nodejs supported version is 12+
  • 6c1109a fix: upgrade dependencies for security
  • e116c7d doc: add scylladb support documentation
  • 756d96b fix: filter scylladb indexes available as views
  • 0fb066c Merge pull request #263 from trufflehq/fix-whereas
  • 3ac4706 fix: where clause comparison in schema match
  • f9737ed Merge pull request #261 from masumsoft/dependabot/npm_and_yarn/minimist-and-minimist-and-mkdirp-1.2.8
  • 0438d96 build(deps): bump minimist and mkdirp
  • 0c2e6c3 Merge pull request #260 from masumsoft/dependabot/npm_and_yarn/minimatch-and-mocha-and-mocha-logger-3.1.2
  • c221127 build(deps): bump minimatch, mocha and mocha-logger
  • 0ec2d64 Merge pull request #258 from masumsoft/dependabot/npm_and_yarn/decode-uri-component-0.2.2
  • 1ab84bd Merge pull request #259 from masumsoft/dependabot/npm_and_yarn/qs-6.5.3
  • 6e4f6d3 build(deps): bump qs from 6.5.2 to 6.5.3
  • 4dd1844 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
  • f8a13a1 chore: updated author url in package.json
  • 82ec0e5 Merge pull request #257 from masumsoft/dependabot/npm_and_yarn/kind-of-6.0.3
  • 98257f9 build(deps): bump kind-of from 6.0.2 to 6.0.3
  • bcbb4b0 Merge pull request #256 from masumsoft/dependabot/npm_and_yarn/json-schema-and-jsprim-0.4.0
  • b1ad3e5 build(deps): bump json-schema and jsprim
  • b099e52 chore: fix code linting issues due to upgrade
  • 3d6794a Merge pull request #254 from masumsoft/dependabot/npm_and_yarn/ajv-and-eslint-and-eslint-config-airbnb-base-6.12.6

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@abhishekpnt @snyk-bot