[Snyk] Upgrade: dotenv, express, mongoose, nodemon, stripe #1

Open
wants to merge 1 commit into
base: master

IT21168222
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| dotenv | from 16.0.1 to 16.4.5; 19 versions ahead of your current version | 7 months ago, on 2024-02-20 |
| express | from 4.18.1 to 4.19.2; 5 versions ahead of your current version | 6 months ago, on 2024-03-25 |
| mongoose | from 6.4.4 to 6.13.0; 56 versions ahead of your current version | 3 months ago, on 2024-06-06 |
| nodemon | from 2.0.19 to 2.0.22; 3 versions ahead of your current version | a year ago, on 2023-03-22 |
| stripe | from 10.0.0 to 10.17.0; 25 versions ahead of your current version | 2 years ago, on 2022-11-08 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity Server-side Request Forgery (SSRF), SNYK-JS-IP-6240864 | 519 | Proof of Concept |
| high severity Prototype Pollution, SNYK-JS-MONGOOSE-2961688 | 519 | Proof of Concept |
| high severity Prototype Pollution, SNYK-JS-MONGOOSE-5777721 | 519 | Proof of Concept |
| medium severity Open Redirect, SNYK-JS-EXPRESS-6474509 | 519 | No Known Exploit |
| medium severity Server-Side Request Forgery (SSRF), SNYK-JS-IP-7148531 | 519 | Proof of Concept |
| medium severity Information Exposure, SNYK-JS-MONGODB-5871303 | 519 | No Known Exploit |

Release notes
Package name: dotenv from dotenv GitHub release notes
Package name: express from express GitHub release notes
Package name: mongoose
  • 6.13.0 - 2024-06-06
  • 6.12.9 - 2024-05-24
  • 6.12.8 - 2024-04-10
  • 6.12.7 - 2024-03-01
  • 6.12.6 - 2024-01-22
  • 6.12.5 - 2024-01-03
  • 6.12.4 - 2023-12-27
  • 6.12.3 - 2023-11-07
  • 6.12.2 - 2023-10-25
  • 6.12.1 - 2023-10-12
  • 6.12.0 - 2023-08-24
  • 6.11.6 - 2023-08-21
  • 6.11.5 - 2023-08-01
  • 6.11.4 - 2023-07-17
  • 6.11.3 - 2023-07-11
  • 6.11.2 - 2023-06-08
  • 6.11.1 - 2023-05-08
  • 6.11.0 - 2023-05-01
  • 6.10.5 - 2023-04-06
  • 6.10.4 - 2023-03-21
  • 6.10.3 - 2023-03-13
  • 6.10.2 - 2023-03-07
  • 6.10.1 - 2023-03-03
  • 6.10.0 - 2023-02-22
  • 6.9.3 - 2023-02-22
  • 6.9.2 - 2023-02-16
  • 6.9.1 - 2023-02-06
  • 6.9.0 - 2023-01-25
  • 6.8.4 - 2023-01-17
  • 6.8.3 - 2023-01-06
  • 6.8.2 - 2022-12-28
  • 6.8.1 - 2022-12-19
  • 6.8.0 - 2022-12-05
  • 6.7.5 - 2022-11-30
  • 6.7.4 - 2022-11-28
  • 6.7.3 - 2022-11-22
  • 6.7.2 - 2022-11-07
  • 6.7.1 - 2022-11-02
  • 6.7.0 - 2022-10-24
  • 6.6.7 - 2022-10-21
  • 6.6.6 - 2022-10-20
  • 6.6.5 - 2022-10-05
  • 6.6.4 - 2022-10-03
  • 6.6.3 - 2022-09-30
  • 6.6.2 - 2022-09-26
  • 6.6.1 - 2022-09-14
  • 6.6.0 - 2022-09-08
  • 6.5.5 - 2022-09-07
  • 6.5.4 - 2022-08-30
  • 6.5.3 - 2022-08-25
  • 6.5.2 - 2022-08-10
  • 6.5.1 - 2022-08-03
  • 6.5.0 - 2022-07-26
  • 6.4.7 - 2022-07-25
  • 6.4.6 - 2022-07-20
  • 6.4.5 - 2022-07-18
  • 6.4.4 - 2022-07-08
from mongoose GitHub release notes
Package name: nodemon from nodemon GitHub release notes
Package name: stripe
  • 10.17.0 - 2022-11-08
    • #1610 API Updates
      • Add support for new values eg_tin, ph_tin, and tr_tin on enums Checkout.Session.customer_details.tax_ids[].type, Invoice.customer_tax_ids[].type, Order.tax_details.tax_ids[].type, and TaxId.type
      • Add support for new values eg_tin, ph_tin, and tr_tin on enums CustomerCreateParams.tax_id_data[].type, InvoiceUpcomingLinesParams.customer_details.tax_ids[].type, InvoiceUpcomingParams.customer_details.tax_ids[].type, OrderCreateParams.tax_details.tax_ids[].type, OrderUpdateParams.tax_details.tax_ids[].type, and TaxIdCreateParams.type
      • Add support for reason_message on Issuing.Authorization.request_history[]
      • Add support for new value webhook_error on enum Issuing.Authorization.request_history[].reason

    See the changelog for more details.

  • 10.16.0 - 2022-11-03
    • #1596 API Updates
      • Add support for on_behalf_of on CheckoutSessionCreateParams.subscription_data, SubscriptionCreateParams, SubscriptionSchedule.default_settings, SubscriptionSchedule.phases[], SubscriptionScheduleCreateParams.default_settings, SubscriptionScheduleCreateParams.phases[], SubscriptionScheduleUpdateParams.default_settings, SubscriptionScheduleUpdateParams.phases[], SubscriptionUpdateParams, and Subscription
      • Add support for tax_behavior and tax_code on InvoiceItemCreateParams, InvoiceItemUpdateParams, InvoiceUpcomingLinesParams.invoice_items[], and InvoiceUpcomingParams.invoice_items[]

    See the changelog for more details.

  • 10.16.0-beta.2 - 2022-11-02
    • #1598 API Updates for beta branch
      • Updated beta APIs to the latest stable version
      • Add support for cashappPayments and zipPayments on Account.
      • Add support for cashapp and zip on Charge, PaymentMethod.
      • Add support for trialSettings on SubscriptionSchedule.

    See the changelog for more details.

  • 10.16.0-beta.1 - 2022-10-22
    • #1589 API Updates for beta branch
      • Updated stable APIs to the latest version
      • Add support for new value revoked on enum CapitalFinancingOfferListParams.status
      • Add support for paypal on Charge.payment_method_details and Source
      • Add support for network_data on Issuing.Transaction
      • Add support for new value paypal on enum Source.type
      • Add support for billing_cycle_anchor on SubscriptionScheduleAmendParams.amendments[]

    See the changelog for more details.

  • 10.15.0 - 2022-10-20
    • #1588 API Updates
      • Add support for new values jp_trn and ke_pin on enums Checkout.Session.customer_details.tax_ids[].type, Invoice.customer_tax_ids[].type, Order.tax_details.tax_ids[].type, and TaxId.type
      • Add support for new values jp_trn and ke_pin on enums CustomerCreateParams.tax_id_data[].type, InvoiceUpcomingLinesParams.customer_details.tax_ids[].type, InvoiceUpcomingParams.customer_details.tax_ids[].type, OrderCreateParams.tax_details.tax_ids[].type, OrderUpdateParams.tax_details.tax_ids[].type, and TaxIdCreateParams.type
      • Add support for tipping on Terminal.Reader.action.process_payment_intent.process_config and TerminalReaderProcessPaymentIntentParams.process_config
    • #1585 use native UUID method if available

    See the changelog for more details.

  • 10.15.0-beta.1 - 2022-10-14
    • Add support for schedule_settings on SubscriptionScheduleAmendParams
    • Add support for new value upcoming_invoice on enum SubscriptionScheduleAmendParams.amendments[].amendment_end.type
    • Add support for new values schedule_end and upcoming_invoice on enum SubscriptionScheduleAmendParams.amendments[].amendment_start.type

    See the changelog for more details.

  • 10.14.0 - 2022-10-13
    • #1582 API Updates
      • Add support for new values invalid_representative_country and verification_failed_residential_address on enums Account.future_requirements.errors[].code, Account.requirements.errors[].code, Capability.future_requirements.errors[].code, Capability.requirements.errors[].code, Person.future_requirements.errors[].code, and Person.requirements.errors[].code
      • Add support for request_log_url on StripeError objects
      • Add support for network_data on Issuing.Authorization
      • ⚠️ Remove currency, description, images, and name from Checkout.SessionCreateParams. These properties do not work on the latest API version. (fixes #1575)

    See the changelog for more details.

  • 10.14.0-beta.1 - 2022-10-07
    • #1572 API Updates for beta branch
      • Updated stable APIs to the latest version

    See the changelog for more details.

  • 10.13.0 - 2022-10-06
    • #1571 API Updates
      • Add support for new value invalid_dob_age_under_18 on enums Account.future_requirements.errors[].code, Account.requirements.errors[].code, Capability.future_requirements.errors[].code, Capability.requirements.errors[].code, Person.future_requirements.errors[].code, and Person.requirements.errors[].code
      • Add support for new value bank_of_china on enums Charge.payment_method_details.fpx.bank, PaymentIntentConfirmParams.payment_method_data.fpx.bank, PaymentIntentCreateParams.payment_method_data.fpx.bank, PaymentIntentUpdateParams.payment_method_data.fpx.bank, PaymentMethod.fpx.bank, PaymentMethodCreateParams.fpx.bank, SetupIntentConfirmParams.payment_method_data.fpx.bank, SetupIntentCreateParams.payment_method_data.fpx.bank, and SetupIntentUpdateParams.payment_method_data.fpx.bank
      • Add support for new values America/Nuuk, Europe/Kyiv, and Pacific/Kanton on enum ReportingReportRunCreateParams.parameters.timezone
      • Add support for klarna on SetupAttempt.payment_method_details
    • #1570 Update node-fetch to 2.6.7
    • #1568 Upgrade dependencies
    • #1567 Fix release tag calculation

    See the changelog for more details.

  • 10.12.0 - 2022-09-29
    • #1564 API Updates
      • Change type of Charge.payment_method_details.card_present.incremental_authorization_supported and Charge.payment_method_details.card_present.overcapture_supported from boolean | null to boolean
      • Add support for created on Checkout.Session
      • Add support for setup_future_usage on PaymentIntent.payment_method_options.pix, PaymentIntentConfirmParams.payment_method_options.pix, PaymentIntentCreateParams.payment_method_options.pix, and PaymentIntentUpdateParams.payment_method_options.pix
      • Deprecate CheckoutSessionCreateParams.subscription_data.items (use the line_items param instead). This will be removed in the next major version.
    • #1563 Migrate other Stripe infrastructure to TS
    • #1562 Restore lib after generating
    • #1551 Re-introduce Typescript changes

    See the changelog for more details.

  • 10.12.0-beta.1 - 2022-09-26
  • 10.11.0 - 2022-09-22
  • 10.10.0 - 2022-09-15
  • 10.8.0 - 2022-09-07
  • 10.7.0 - 2022-08-31
  • 10.6.0 - 2022-08-26
  • 10.6.0-beta.1 - 2022-08-26
  • 10.5.0 - 2022-08-24
  • 10.4.0 - 2022-08-23
  • 10.4.0-beta.1 - 2022-08-23
  • 10.3.0 - 2022-08-19
  • 10.3.0-beta.1 - 2022-08-11
  • 10.2.0 - 2022-08-11
  • 10.1.0 - 2022-08-09
  • 10.1.0-beta.1 - 2022-08-03
  • 10.0.0 - 2022-08-02
from stripe GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - dotenv from 16.0.1 to 16.4.5.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - express from 4.18.1 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - mongoose from 6.4.4 to 6.13.0.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - nodemon from 2.0.19 to 2.0.22.
    See this package in npm: https://www.npmjs.com/package/nodemon
  - stripe from 10.0.0 to 10.17.0.
    See this package in npm: https://www.npmjs.com/package/stripe

See this project in Snyk:
https://app.snyk.io/org/it21168222/project/212ee755-ed9f-45d9-adf9-ff34c7050080?utm_source=github&utm_medium=referral&page=upgrade-pr