New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade jsstore from 2.9.2 to 2.10.0 #80

Open

restinpeaceinout wants to merge 1 commit into master from snyk-fix-5b92e6098f346f5c0f4bebebc6cb9844

Owner

restinpeaceinout commented Nov 28, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/TypeScript Example/package.json
- examples/TypeScript Example/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsstore

The new version differs by 25 commits.

338e3c1 remove postinstall of opencollective
48d1040 Version - 2.10.0 released
0866fa7 removed async code causing file size more
620fc51 added windows7 as test for chrome
de32be4 transaction made async, updated terminated api to close all db
05f2d72 made tx logic async
39f876b release v 2.9.5
e916a75 request being executed while in tx fixed
6e62126 release v 2.9.4
0f81b4d Con to con
a270c5a tx issue with autoincrement when inserting fixed
f233cc2 issue with let fixed
958b97a Release 2.9.3
23057f6 code written for sorting with date type
4f2dcc7 updated webpack example
e89ad32 updated angular, ts example
0d4e1b1 updated angular example
b1671d6 updated electron example
9500a19 updated react example
ca805b9 electron example events issue fixed
17ce31e Merge branch 'master' into dev_version2
a116fe8 updated karma config
a4f6844 updated test case for insert causing fail
431a029 ādded then for upsert test

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution


          fix: examples/TypeScript Example/package.json & examples/TypeScript E…

…xample/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment