[Snyk] Upgrade: ms, node-fetch, pino, request-ip, semver#1354

Open

ali8889 wants to merge 1 commit intomasterfrom

snyk-upgrade-cf7f6d4b2410dc9aa746684d6934c315

Open

[Snyk] Upgrade: ms, node-fetch, pino, request-ip, semver#1354
ali8889 wants to merge 1 commit intomasterfrom
snyk-upgrade-cf7f6d4b2410dc9aa746684d6934c315

Conversation

Copy link

Owner

ali8889 commented Sep 22, 2024

Snyk has created this PR to upgrade multiple dependencies.

The following dependencies are linked and will therefore be updated together.

i Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

ms
from 2.1.1 to 2.1.3 | 2 versions ahead of your current version | 4 years ago
on 2020-12-08
node-fetch
from 2.1.1 to 2.7.0 | 22 versions ahead of your current version | a year ago
on 2023-08-23
pino
from 4.16.1 to 4.17.6 | 6 versions ahead of your current version | 6 years ago
on 2018-07-29
request-ip
from 2.0.2 to 2.2.0 | 4 versions ahead of your current version | 2 years ago
on 2022-06-01
semver
from 5.5.0 to 5.7.2 | 5 versions ahead of your current version | a year ago
on 2023-07-10

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	539	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	539	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	539	No Known Exploit

Release notes

Package name: ms

2.1.3 - 2020-12-08
Patches
- Rename zeit to vercel: #151
- Bump eslint from 4.12.1 to 4.18.2: #122
- Add prettier as a dev dependency: #135 #153
- Use GitHub Actions CI: #154
Credits

Huge thanks to @ getsnoopy for helping!
2.1.2 - 2019-06-06
Patches
- Fixed negative decimals less than -10 don't work: #111
- Support error in case of Infinity: #116
- Update regexp for 10-.5 is invalid input: #117
- Update chat badge: #119
Credits

Huge thanks to @ yuler and @ 7ma7X for helping!
2.1.1 - 2017-11-30
Patches
- Add full support for negative numbers: #104
Credits

Huge thanks to @ thevtm for helping!

from ms GitHub release notes

Package name: node-fetch

2.7.0 - 2023-08-23
2.7.0 (2023-08-23)

Features
- AbortError (#1744) (9b9d458)
2.6.13 - 2023-08-18
2.6.13 (2023-08-18)

Bug Fixes
- Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736
2.6.12 - 2023-06-29
2.6.12 (2023-06-29)

Bug Fixes
- socket variable testing for undefined (#1726) (8bc3a7c)
2.6.11 - 2023-05-09
2.6.11 (2023-05-09)

Reverts
- Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741
2.6.10 - 2023-05-08
2.6.10 (2023-05-08)

Bug Fixes
- handle bom in text and json (#1739) (29909d7)
2.6.9 - 2023-01-30
2.6.9 (2023-01-30)

Bug Fixes
- "global is not defined" (#1704) (70f592d)
2.6.8 - 2023-01-13
2.6.8 (2023-01-13)

Bug Fixes
- headers: don't forward secure headers on protocol change (#1605) (fddad0e), closes #1599
- premature close with chunked transfer encoding and for async iterators in Node 12 (#1172) (50536d1), closes #1064 /github.com/node-fetch/node-fetch/pull/1064#issuecomment-849167400
- prevent hoisting of the undefined global variable in browser.js (#1534) (8bb6e31)
2.6.7 - 2022-01-16
2.6.6 - 2021-10-31
2.6.5 - 2021-09-22
2.6.4 - 2021-09-21
2.6.3 - 2021-09-20
2.6.2 - 2021-09-06
2.6.1 - 2020-09-05
2.6.0 - 2019-05-16
2.5.0 - 2019-05-01
2.4.1 - 2019-04-27
2.4.0 - 2019-04-26
2.3.0 - 2018-11-13
2.2.1 - 2018-11-05
2.2.0 - 2018-07-22
2.1.2 - 2018-03-25
2.1.1 - 2018-03-05

from node-fetch GitHub release notes

Package name: pino

4.17.6 - 2018-07-29
- Do not cast to strickt Error#stack #464
4.17.5 - 2018-07-20
- Support logging errors that do not contain a stack #457
4.17.3 - 2018-06-02
- internal typo and circular formatting fix - #422
4.17.2 - 2018-05-30
- Fix level set in browser logger #424
4.17.1 - 2018-05-30
- Fix to set level in the browser #424
4.17.0 - 2018-05-27
- Add level and levelVal property to browser pino #418 #419
4.16.1 - 2018-04-06

from pino GitHub release notes

Package name: request-ip

2.2.0 - 2022-06-01
2.2.0
2.1.3 - 2018-10-29
bump version number and add new build
2.1.1 - 2018-07-03
2.1.0 - 2018-07-03
2.0.2 - 2017-06-26

from request-ip GitHub release notes

Package name: semver

5.7.2 - 2023-07-10
5.7.2 (2023-07-10)

Bug Fixes
- 2f8fd41 #585 better handling of whitespace (#585) (@ joaomoreno, @ lukekarrys)
5.7.1 - 2019-08-12
5.7.0 - 2019-03-26
5.6.0 - 2018-10-10
5.5.1 - 2018-08-17
5.5.0 - 2018-01-16

from semver GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

View latest project report

Customise PR templates

Adjust upgrade PR settings

Ignore this dependency or unsubscribe from future upgrade PRs


 fix: upgrade multiple dependencies with Snyk

5c37238

Snyk has created this PR to upgrade: - ms from 2.1.1 to 2.1.3. See this package in npm: https://www.npmjs.com/package/ms - node-fetch from 2.1.1 to 2.7.0. See this package in npm: https://www.npmjs.com/package/node-fetch - pino from 4.16.1 to 4.17.6. See this package in npm: https://www.npmjs.com/package/pino - request-ip from 2.0.2 to 2.2.0. See this package in npm: https://www.npmjs.com/package/request-ip - semver from 5.5.0 to 5.7.2. See this package in npm: https://www.npmjs.com/package/semver See this project in Snyk: https://app.snyk.io/org/ali8668/project/d2bc4c8e-fae4-4f5a-be7d-a7804c850973?utm_source=github&utm_medium=referral&page=upgrade-pr

Labels

None yet

Conversation

ali8889 commented Sep 22, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade:

Patches

Credits

Patches

Credits

Patches

Credits

2.7.0 (2023-08-23)

Features

2.6.13 (2023-08-18)

Bug Fixes

2.6.12 (2023-06-29)

Bug Fixes

2.6.11 (2023-05-09)

Reverts

2.6.10 (2023-05-08)

Bug Fixes

2.6.9 (2023-01-30)

Bug Fixes

2.6.8 (2023-01-13)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants