[Snyk] Upgrade mssql from 6.2.1 to 6.4.1 #336

snyk-bot · 2022-03-18T21:47:40Z

Snyk has created this PR to upgrade mssql from 6.2.1 to 6.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 7 versions ahead of your current version.
The recommended version was released 22 days ago, on 2022-02-24.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Command Injection SNYK-JS-AZUREMSRESTNODEAUTH-1245464	497/1000 Why? Proof of Concept exploit, CVSS 7.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	497/1000 Why? Proof of Concept exploit, CVSS 7.8	Proof of Concept
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	497/1000 Why? Proof of Concept exploit, CVSS 7.8	Proof of Concept
Improper Input Validation SNYK-JS-XMLDOM-1534562	497/1000 Why? Proof of Concept exploit, CVSS 7.8	No Known Exploit
XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	497/1000 Why? Proof of Concept exploit, CVSS 7.8	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	497/1000 Why? Proof of Concept exploit, CVSS 7.8	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	497/1000 Why? Proof of Concept exploit, CVSS 7.8	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mssql

6.4.1 - 2022-02-24
v6.4.1
6.4.0 - 2021-11-18
6.4.0
6.3.2 - 2021-05-13
6.3.1 - 2021-01-01
6.3.0 - 2020-12-14
6.2.3 - 2020-09-25
6.2.2 - 2020-09-18
6.2.1 - 2020-07-22

from mssql GitHub release notes

Commit messages

Package name: mssql

602952b 6.4.1
6dee602 Merge pull request Is this a good way to handle headers? nextauthjs/next-auth#1361 from dhensby/pulls/6/eol
53ae3ab Update changelog
2e695ec Bump debug version
b16835e 6.4.0
95af20f Merge pull request Could we check authenticate for all pages inside same folder at /pages? nextauthjs/next-auth#1338 from dhensby/pulls/6/fix-config-inheritance
5c4ccc0 Update changelog
5838711 fix typo
b5d695b Transactions/PreparedStatement now return parent config for their own
708cdae Request should use this.parent not this.connection
0de3e65 Merge pull request Cognito authentication not working , How to set-up ? nextauthjs/next-auth#1339 from dhensby/pulls/test-node-14
5ff5394 Add node 14 to test matrix
6126b63 Merge pull request feat: make tokens available in profile callback nextauthjs/next-auth#1329 from dhensby/pulls/6/bump-deps
7adb992 Bump dependencies
6fe5d50 6.3.2
187232c Merge branch '5' into 6
921fc4a v5.1.5
8be3486 Bump deps
f60374b Merge pull request OpenId Support nextauthjs/next-auth#1201 from dhensby/pulls/6/dep-bump
d5f6c31 Merge branch '5' into pulls/6/dep-bump
d24745b Merge pull request Feature/openid account linking nextauthjs/next-auth#1200 from dhensby/pulls/dep-bump
671362a Bump outdated deps
375419b 6.3.1
6686c45 Merge branch '5' into 6

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade mssql from 6.2.1 to 6.4.1. See this package in npm: https://www.npmjs.com/package/mssql See this project in Snyk: https://app.snyk.io/org/kadirselcuk/project/e1e374e1-c230-49c7-bde8-9babbcd6a951?utm_source=github&utm_medium=referral&page=upgrade-pr

mistaken-pull-closer · 2022-03-18T21:47:45Z

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

pull-dog · 2022-03-18T21:47:46Z

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

@pull-dog up to reprovision or provision the server.
@pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
09148ea0-a705-11ec-855f-05f389b9813a

mistaken-pull-closer bot added the invalid This doesn't seem right label Mar 18, 2022

mistaken-pull-closer bot closed this Mar 18, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade mssql from 6.2.1 to 6.4.1 #336

[Snyk] Upgrade mssql from 6.2.1 to 6.4.1 #336

snyk-bot commented Mar 18, 2022

mistaken-pull-closer bot commented Mar 18, 2022

pull-dog bot commented Mar 18, 2022

[Snyk] Upgrade mssql from 6.2.1 to 6.4.1 #336

[Snyk] Upgrade mssql from 6.2.1 to 6.4.1 #336

Conversation

snyk-bot commented Mar 18, 2022

Snyk has created this PR to upgrade mssql from 6.2.1 to 6.4.1.

mistaken-pull-closer bot commented Mar 18, 2022

pull-dog bot commented Mar 18, 2022