[Snyk] Security upgrade ldapjs from 1.0.2 to 3.0.7#52

Open

qmutz wants to merge 1 commit intodevelopfrom

snyk-fix-26859cd55157d9eefcb44f26ff9a4607

Owner

qmutz commented May 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ldapjs

The new version differs by 250 commits.

b86c493 v3.0.7
9c6142d server: prevent crash on blank DN bind
6ceef13 v3.0.6
a433489 Add integration test for PasswordPolicyControl (Can't connect to server (meteor 1.2.0.2) RocketChat/Rocket.Chat#949)
bec2ff8 Add test for issue 940
6a67636 v3.0.5
971f1bb Resolve issue Fix #857 Cannot add user to room. RocketChat/Rocket.Chat#860
7b869f4 Resolve issue Enabling email verification forces pre-existing accounts, even admins, to verify after log out. RocketChat/Rocket.Chat#924
ac588a0 Add integration test for issue Added category "communications" to metadata RocketChat/Rocket.Chat#923
1cc6a73 v3.0.4
0fcad24 Fix ensureDN (#918)
3c7b7cb v3.0.3
1fe60e4 Update minimum dependencies
e2d516f Address crash for unmatched server responses
70ce9c3 update modification object in ldap.change ([Sandstorm] Uploads are improperly linked RocketChat/Rocket.Chat#910)
f289008 build(deps-dev): bump eslint from 8.41.0 to 8.42.0
6bd92a7 build(deps-dev): bump eslint from 8.40.0 to 8.41.0
830659f build(deps-dev): bump eslint-plugin-n from 15.7.0 to 16.0.0
0558c1a Add test for issue ON-Demand Channel Creation from Login RocketChat/Rocket.Chat#883
bdaaf29 Add test for issue Unread Notification Not Clearing RocketChat/Rocket.Chat#885
a37daf1 build(deps-dev): bump eslint from 8.39.0 to 8.40.0
29ddc4d build(deps): bump @ ldapjs/dn from 1.0.0 to 1.1.0
7fc99fd build(deps): bump @ ldapjs/messages from 1.0.2 to 1.1.0
2363ec7 build(deps-dev): bump eslint from 8.38.0 to 8.39.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Directory Traversal


          fix: package.json & package-lock.json to reduce vulnerabilities

1a67834

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/SNYK-JS-MOMENT-2944238

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet