-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Security upgrade fastify-swagger from 4.17.1 to 5.2.0 #167
base: master
Are you sure you want to change the base?
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEND-7926862
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
Quality Gate passedIssues Measures |
@@ -49,7 +49,7 @@ | |||
"dot": "^1.1.3", | |||
"dotenv": "^8.6.0", | |||
"fastify-multipart": "^5.4.0", | |||
"fastify-swagger": "^4.17.1", | |||
"fastify-swagger": "^5.2.0", | |||
"graphql": "^16.6.0", | |||
"jose": "^4.13.1", | |||
"jsonwebtoken": "^8.5.1", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
jsonwebtoken 8.5.1 / package.json
Total vulnerabilities: 4
Critical: 0 | High: 3 | Medium: 1 | Low: 0 |
---|
Vulnerability ID | Severity | CVSS | Fixed in | Status |
---|---|---|---|---|
CVE-2022-25883 | HIGH | 7.5 | - |
Open |
CVE-2022-23539 | HIGH | 8.1 | - |
Open |
CVE-2022-23540 | HIGH | 7.6 | - |
Open |
CVE-2022-23541 | MEDIUM | 6.3 | - |
Open |
@@ -49,7 +49,7 @@ | |||
"dot": "^1.1.3", | |||
"dotenv": "^8.6.0", | |||
"fastify-multipart": "^5.4.0", | |||
"fastify-swagger": "^4.17.1", | |||
"fastify-swagger": "^5.2.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
axios 0.21.4 / package.json
Total vulnerabilities: 1
Critical: 0 | High: 0 | Medium: 1 | Low: 0 |
---|
Vulnerability ID | Severity | CVSS | Fixed in | Status |
---|---|---|---|---|
CVE-2024-28849 | MEDIUM | 6.5 | - |
Open |
@@ -49,7 +49,7 @@ | |||
"dot": "^1.1.3", | |||
"dotenv": "^8.6.0", | |||
"fastify-multipart": "^5.4.0", | |||
"fastify-swagger": "^4.17.1", | |||
"fastify-swagger": "^5.2.0", | |||
"graphql": "^16.6.0", | |||
"jose": "^4.13.1", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
jose 4.13.1 / package.json
Total vulnerabilities: 1
Critical: 0 | High: 0 | Medium: 1 | Low: 0 |
---|
Vulnerability ID | Severity | CVSS | Fixed in | Status |
---|---|---|---|---|
CVE-2024-28176 | MEDIUM | 5.3 | 4.15.5 |
Open |
@@ -49,7 +49,7 @@ | |||
"dot": "^1.1.3", | |||
"dotenv": "^8.6.0", | |||
"fastify-multipart": "^5.4.0", | |||
"fastify-swagger": "^4.17.1", | |||
"fastify-swagger": "^5.2.0", | |||
"graphql": "^16.6.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
graphql 16.6.0 / package.json
Total vulnerabilities: 1
Critical: 0 | High: 0 | Medium: 1 | Low: 0 |
---|
Vulnerability ID | Severity | CVSS | Fixed in | Status |
---|---|---|---|---|
CVE-2023-26144 | MEDIUM | 5.3 | 16.8.1 |
Open |
New Issues
|
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.json
package-lock.json
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-SEND-7926862
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Cross-site Scripting