[Snyk] Upgrade: cookie-session, express-handlebars, express-session, fs, moment, mysql2, nodemailer #8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- cookie-session from 2.0.0 to 2.1.0.
See this package in npm: https://www.npmjs.com/package/cookie-session
- express-handlebars from 7.1.2 to 7.1.3.
See this package in npm: https://www.npmjs.com/package/express-handlebars
- express-session from 1.17.3 to 1.18.0.
See this package in npm: https://www.npmjs.com/package/express-session
- fs from 0.0.1-security to 0.0.2.
See this package in npm: https://www.npmjs.com/package/fs
- moment from 2.29.4 to 2.30.1.
See this package in npm: https://www.npmjs.com/package/moment
- mysql2 from 3.10.0 to 3.11.0.
See this package in npm: https://www.npmjs.com/package/mysql2
- nodemailer from 6.9.13 to 6.9.14.
See this package in npm: https://www.npmjs.com/package/nodemailer
See this project in Snyk:
https://app.snyk.io/org/akuzike8/project/bcc5a9aa-568c-4b04-aa31-6bf1a8405551?utm_source=github&utm_medium=referral&page=upgrade-pr
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
cookie-session
from 2.0.0 to 2.1.0 | 1 version ahead of your current version | 8 months ago
on 2024-01-24
express-handlebars
from 7.1.2 to 7.1.3 | 1 version ahead of your current version | 3 months ago
on 2024-06-19
express-session
from 1.17.3 to 1.18.0 | 1 version ahead of your current version | 7 months ago
on 2024-01-28
fs
from 0.0.1-security to 0.0.2 | 1 version ahead of your current version | 10 years ago
on 2014-09-12
moment
from 2.29.4 to 2.30.1 | 2 versions ahead of your current version | 8 months ago
on 2023-12-27
mysql2
from 3.10.0 to 3.11.0 | 4 versions ahead of your current version | a month ago
on 2024-07-27
nodemailer
from 6.9.13 to 6.9.14 | 1 version ahead of your current version | 3 months ago
on 2024-06-19
Release notes
Package name: cookie-session
-
2.1.0 - 2024-01-24
- Fix loading sessions with special keys
- deps: cookies@0.9.1
- Add
- Add
- Fix accidental cookie name/value truncation when given invalid chars
- Fix
- Remove quotes from returned quoted cookie value
- Use
- pref: small lookup regexp optimization
-
2.0.0 - 2021-12-16
- Change default cookie name to
- Change
- Create new session for all types of invalid sessions
- Drop support for Node.js 0.8
- Remove private
- Remove the
- Remove undocumented
- Remove undocumented
- Save all enumerable properties on
- Including
- Use
- Use
- deps: cookies@0.8.0
- Fix check for default
- Fix
- Support
- deps: depd@~2.0.0
- deps: keygrip@~1.1.0
- perf: remove argument reassignment
- deps: debug@3.2.7
- Add
- Add 256 color mode support
- Enable / disable namespaces dynamically
- Make millisecond timer namespace-specific
- Remove
- Use
- deps: on-headers@~1.0.2
- Fix
- deps: safe-buffer@5.2.1
- perf: reduce the scope of try-catch deopt
- perf: remove internal reference to request from session object
from cookie-session GitHub release notespartitionedoption for CHIPS supportpriorityoption for Priority cookie supportmaxAgeoption to reject invalid valuesreq.socketover deprecatedreq.connectionsession.populatedto.isPopulatedreq.session.save()keyoption; usenameinsteadreq.session.lengthto free up key namereq.sessionCookiesandreq.sessionKeyreq.session_-prefixed propertiesObject.definePropertyinstead of deprecated__define*__safe-bufferfor improved Buffer APIsecureoption behaviormaxAgeoption preventing cookie deletion"none"insameSiteoptionDEBUG_HIDE_DATEDEBUG_FDsupportDate#toISOString()when output is not a TTYres.writeHeadpatch missing return valuePackage name: express-handlebars
-
7.1.3 - 2024-06-19
- deps: update dependency glob to ^10.4.2 (#782) (676a537)
-
7.1.2 - 2023-08-08
- use types from handlebars for helpers (#617) (bc38da4)
from express-handlebars GitHub release notes7.1.3 (2024-06-19)
Bug Fixes
7.1.2 (2023-08-08)
Bug Fixes
Package name: express-session
-
1.18.0 - 2024-01-28
- Add debug log for pathname mismatch
- Add
- Add
- Fix handling errors from setting cookie
- Support any type in
- deps: cookie@0.6.0
- Fix
- perf: improve default decode speed
- perf: remove slow string split in parse
- deps: cookie-signature@1.0.7
-
1.17.3 - 2022-05-11
- Fix resaving already-saved new session at end of request
- deps: cookie@0.4.2
from express-session GitHub release notespartitionedtocookieoptionsprioritytocookieoptionssecretthatcrypto.createHmacsupportsexpiresoption to reject invalid datesPackage name: fs
-
0.0.2 - 2014-09-12
-
0.0.1-security - 2016-08-23
from fs GitHub release notesPackage name: moment
-
2.30.1 - 2023-12-27
-
2.30.0 - 2023-12-26
-
2.29.4 - 2022-07-06
from moment GitHub release notes2.30.1
2.30.0
2.29.4
Package name: mysql2
-
3.11.0 - 2024-07-27
- fully support VECTOR type results (9576742 and 3659488 )
-
3.10.3 - 2024-07-15
- handshake SSL error with AWS RDS (#2857) (de071bb)
-
3.10.2 - 2024-07-01
- typeCast: ensure the same behavior for
-
3.10.1 - 2024-06-13
- setMaxParserCache throws TypeError (#2757) (aa8604a)
-
3.10.0 - 2024-05-30
- add jsonStrings option (#2642) (9820fe5)
- stream: reads should emit the dataset number for each dataset (#2496, #2628) (4dab4ca)
from mysql2 GitHub release notes3.11.0 (2024-07-27)
Features
3.10.3 (2024-07-15)
Bug Fixes
3.10.2 (2024-07-01)
Bug Fixes
field.string()withqueryandexecute(#2820) (27e38ea)3.10.1 (2024-06-13)
Bug Fixes
3.10.0 (2024-05-30)
Features
Bug Fixes
Package name: nodemailer
-
6.9.14 - 2024-06-19
- api: Added support for Ethereal authentication (56b2205)
- services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)
- services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)
- well-known-services: Add Loopia in well known services (#1655) (21a28a1)
-
6.9.13 - 2024-03-20
- tls: Ensure servername for SMTP (d66fdd3)
from nodemailer GitHub release notes6.9.14 (2024-06-19)
Bug Fixes
6.9.13 (2024-03-20)
Bug Fixes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: