Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade express-validator from 6.11.1 to 6.15.0 #352

Open
wants to merge 1 commit into
base: latest
Choose a base branch
from

Conversation

Terreii
Copy link
Owner

@Terreii Terreii commented Jun 5, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade express-validator from 6.11.1 to 6.15.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2023-02-16.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090600
372/1000
Why? Proof of Concept exploit, CVSS 5.3
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express-validator from express-validator GitHub release notes
Commit messages
Package name: express-validator
  • 5202222 feat: update to support validator 13.9.0 (#1212)
  • 10ecbd1 deps: bump http-cache-semantics from 4.1.0 to 4.1.1 (#1210)
  • 5eedc19 deps: bump eta from 1.12.3 to 2.0.0 (#1211)
  • 067e908 deps: upgrade typescript to v4.3.5
  • 9d05a40 deps: bump ua-parser-js from 0.7.32 to 0.7.33 (#1208)
  • 4be387a 6.14.3
  • 692c0f9 Fix up version + docs:version scripts
  • 03c2d88 Fix infinite recursion when a field is called "*"
  • d8cd95e deps: bump minimatch and recursive-readdir (#1202)
  • aaa4a87 deps: bump json5 from 1.0.1 to 1.0.2 (#1201)
  • d61e455 docs: fix search input when hovered
  • 46c08dc docs: add algolia docsearch back
  • d34b63f Docusaurus v2 (#1199)
  • 8d7d7e0 gh: upgrade checkout and setup-node actions (#1197)
  • 42316c3 deps: upgrade TS + lint deps (#1196)
  • 2024e6e docs: update sanitization chain (#1195)
  • f68baf4 deps: bump decode-uri-component from 0.2.0 to 0.2.2 (#1189)
  • a946db1 deps: bump express from 4.17.1 to 4.18.2 (#1192)
  • 60ac20b deps: bump qs from 6.5.2 to 6.5.3 (#1191)
  • 02b69d4 Update issue template to include node.js version and runkit link
  • 870ee99 Also document schemas
  • 21e07e2 Add JsDocs to all public APIs
  • 6715a6a docs: fix up checkSchema syntax
  • 0b258a5 npm: upgrade to lockfile v2 and prune

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants