[Snyk] Security upgrade ldapjs from 1.0.2 to 3.0.7#169

Open

apavlidi wants to merge 1 commit intomasterfrom

snyk-fix-f6164b2a5b198f423991288b458a45e1

Owner

apavlidi commented May 15, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	524/1000 Why? Has a fix available, CVSS 6.2	Remote Code Execution (RCE) SNYK-JS-BUNYAN-573166	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ldapjs

The new version differs by 250 commits.

b86c493 v3.0.7
9c6142d server: prevent crash on blank DN bind
6ceef13 v3.0.6
a433489 Add integration test for PasswordPolicyControl (#949)
bec2ff8 Add test for issue 940
6a67636 v3.0.5
971f1bb Resolve issue #860
7b869f4 Resolve issue #924
ac588a0 Add integration test for issue #923
1cc6a73 v3.0.4
0fcad24 Fix ensureDN (#918)
3c7b7cb v3.0.3
1fe60e4 Update minimum dependencies
e2d516f Address crash for unmatched server responses
70ce9c3 update modification object in ldap.change (#910)
f289008 build(deps-dev): bump eslint from 8.41.0 to 8.42.0
6bd92a7 build(deps-dev): bump eslint from 8.40.0 to 8.41.0
830659f build(deps-dev): bump eslint-plugin-n from 15.7.0 to 16.0.0
0558c1a Add test for issue #883
bdaaf29 Add test for issue #885
a37daf1 build(deps-dev): bump eslint from 8.39.0 to 8.40.0
29ddc4d build(deps): bump @ ldapjs/dn from 1.0.0 to 1.1.0
7fc99fd build(deps): bump @ ldapjs/messages from 1.0.2 to 1.1.0
2363ec7 build(deps-dev): bump eslint from 8.38.0 to 8.39.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn


          fix: package.json & package-lock.json to reduce vulnerabilities

8f3f5d6

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BUNYAN-573166
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/SNYK-JS-MOMENT-2944238

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet