
[Snyk] Security upgrade realm from 10.10.1 to 10.19.2 #2066


Merged
merged 3 commits into from
Aug 4, 2022


admin-token-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • tutorial/node-cli/package.json
    • tutorial/node-cli/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-NODEFETCH-2964180 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: realm The new version differs by 235 commits.
  • 7f5c421 [10.19.2] Bump version
  • c9827c1 Update node-fetch to version 3.2.6 (#4664)
  • e5418e2 Update node-fetch to version 3.2.6 (#4665)
  • fe0a896 Update realm.io/common to 0.1.2 (#4660)
  • 7a2c438 Pin BaaS in the Realm Web PR workflow (#4661)
  • cb9b955 Fix Realm Peer Dependency in @ realm/react (#4640)
  • b0d3b6a Fix a typo in flexible sync tests (#4641)
  • 79ea96f Defaulting to 10.0.2.2 on Android (#4635)
  • 0329180 Refactored make_js_error into Object::create_error (#4634)
  • bf2f459 callFunction argument validation (#4626)
  • 55265ea Upgrading Realm Web integration test deps (#4633)
  • 76b1b18 Adding timeout to the Realm Web PR workflow
  • 1c2fe98 Upgrade Example to RN 0.68.2 (#4631)
  • c4872ea Update package-lock.json
  • 58d1dad Templates 0.3.0 (#4608)
  • b3efd93 Increasing timeout and deleting objects
  • 39f2cb3 Adding changelog template
  • ee9175b [10.19.1] Bump version
  • 99fd004 Remove old, unused scripts (#4613)
  • d50a153 Adding test verifing synced Realms opened as local (#4624)
  • 550ed86 Remove support for node.js v12 and earlier. Bump Node-API to v5. (#4614)
  • c203614 Fix FLX error scenario tests (compensating writes) (#4615)
  • 0fb0967 Realm.Configuration.sync can be a boolean (#4616)
  • b63a2c0 Updated cmake config to read arch from `NODE_ARCH` (#4612)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


snyk-bot added 2 commits July 31, 2022 14:51
…json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2964180
…json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2964180
@github-actions

Flesch Reading Ease scores for changed documents:

The following table can be helpful in assessing the readability score of a document.

Score Difficulty
90-100 Very Easy
80-89 Easy
70-79 Fairly Easy
60-69 Medium
50-59 Fairly Hard
30-49 Hard
0-29 Very Hard

@dacharyc dacharyc merged commit 8aec387 into master Aug 4, 2022
@dacharyc dacharyc deleted the snyk-fix-f594e4c6e5f88a9e17de478eab1c63da branch August 4, 2022 20:45
@github-actions

github-actions bot commented Aug 4, 2022

Flesch Reading Ease scores for changed documents:

The following table can be helpful in assessing the readability score of a document.

Score Difficulty
90-100 Very Easy
80-89 Easy
70-79 Fairly Easy
60-69 Medium
50-59 Fairly Hard
30-49 Hard
0-29 Very Hard
