Update some insecure dependencies #1841

ricardograca · 2018-05-10T11:20:21Z

Introduction

Update mysql and lodash to their latest versions.

Motivation

There were some security issues recently with these two dependencies. More info:

Lodash: https://nodesecurity.io/advisories/577
Mysql: https://nodesecurity.io/advisories/602

- Required to fix a Prototype Pollution vulnerability in lodash prior to version 4.17.5: https://nodesecurity.io/advisories/577

- Required to fix a Remote Memory Exposure vulnerability in mysql prior to version 2.14.0: https://nodesecurity.io/advisories/602

ricardograca added 2 commits May 10, 2018 11:51

Update lodash to the latest version

3edfeb1

- Required to fix a Prototype Pollution vulnerability in lodash prior to version 4.17.5: https://nodesecurity.io/advisories/577

Update mysql to the latest version

d0d416e

- Required to fix a Remote Memory Exposure vulnerability in mysql prior to version 2.14.0: https://nodesecurity.io/advisories/602

ricardograca added this to To Do in Version 0.14.0 via automation May 10, 2018

ricardograca merged commit 10fd039 into master May 10, 2018

Version 0.14.0 automation moved this from To Do to Done May 10, 2018

ricardograca deleted the rg-update-depdencies branch May 10, 2018 11:24

ricardograca changed the title ~~Update some insecure depdencies~~ Update some insecure dependencies Nov 22, 2018

ricardograca added the dependencies label Nov 22, 2018

snyk-bot mentioned this pull request May 7, 2020

[Snyk] Upgrade bookshelf from 0.12.1 to 0.15.2 Financial-Times/fruit#4

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update some insecure dependencies #1841

Update some insecure dependencies #1841

ricardograca commented May 10, 2018 •

edited

Update some insecure dependencies #1841

Update some insecure dependencies #1841

Conversation

ricardograca commented May 10, 2018 • edited

Introduction

Motivation

ricardograca commented May 10, 2018 •

edited