Commit c015eab
Bump the npm_and_yarn group across 2 directories with 33 updates
Bumps the npm_and_yarn group with 4 updates in the /vulnerable_repos/juice-shop directory: [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken), [multer](https://github.com/expressjs/multer), [sanitize-html](https://github.com/apostrophecms/sanitize-html) and [socket.io](https://github.com/socketio/socket.io).
Bumps the npm_and_yarn group with 18 updates in the /vulnerable_repos/NodeGoat directory:
| Package | From | To |
| --- | --- | --- |
| [body-parser](https://github.com/expressjs/body-parser) | `1.18.3` | `1.20.4` |
| [express](https://github.com/expressjs/express) | `4.16.4` | `4.22.1` |
| [grunt](https://github.com/gruntjs/grunt) | `1.0.3` | `1.6.1` |
| [marked](https://github.com/markedjs/marked) | `0.3.5` | `4.0.10` |
| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.7` |
| [async](https://github.com/caolan/async) | `2.6.1` | `2.6.4` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [tmp](https://github.com/raszi/node-tmp) | `0.0.24` | `0.2.5` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` |
| [got](https://github.com/sindresorhus/got) | `6.7.1` | `removed` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [qs](https://github.com/ljharb/qs) | `6.3.2` | `6.3.3` |
| [i](https://github.com/pksunkara/inflect) | `0.3.6` | `0.3.7` |
| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |
| [jsonpointer](https://github.com/janl/node-jsonpointer) | `4.0.0` | `5.0.1` |
| [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` |
| [on-headers](https://github.com/jshttp/on-headers) | `1.0.1` | `1.1.0` |
| [set-value](https://github.com/jonschlinkert/set-value) | `2.0.0` | `2.0.1` |
Updates `jsonwebtoken` from 0.4.0 to 9.0.0
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/node-jsonwebtoken/commits/v9.0.0)
Updates `multer` from 1.4.5-lts.2 to 2.0.2
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v1.4.5-lts.2...v2.0.2)
Updates `sanitize-html` from 1.4.2 to 2.12.1
- [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/sanitize-html/commits/2.12.1)
Updates `socket.io` from 3.1.2 to 4.8.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/3.1.2...socket.io@4.8.1)
Updates `body-parser` from 1.18.3 to 1.20.4
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.18.3...1.20.4)
Updates `express` from 4.16.4 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.16.4...v4.22.1)
Updates `express` from 4.16.4 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.16.4...v4.22.1)
Updates `grunt` from 1.0.3 to 1.6.1
- [Release notes](https://github.com/gruntjs/grunt/releases)
- [Changelog](https://github.com/gruntjs/grunt/blob/main/CHANGELOG)
- [Commits](gruntjs/grunt@v1.0.3...v1.6.1)
Updates `js-yaml` from 3.5.5 to 3.6.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.5.5...3.6.1)
Updates `marked` from 0.3.5 to 4.0.10
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v0.3.5...v4.0.10)
Updates `underscore` from 1.9.1 to 1.13.7
- [Commits](jashkenas/underscore@1.9.1...1.13.7)
Updates `async` from 2.6.1 to 2.6.4
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](caolan/async@v2.6.1...v2.6.4)
Updates `ajv` from 6.10.0 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.10.0...v6.12.6)
Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)
Updates `bson` from 1.0.9 to 7.0.0
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/main/HISTORY.md)
- [Commits](mongodb/js-bson@v1.0.9...v7.0.0)
Updates `tmp` from 0.0.24 to 0.2.5
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.0.24...v0.2.5)
Updates `tough-cookie` from 2.2.2 to 2.3.1
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.2.2...v2.3.1)
Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)
Updates `fsevents` from 1.2.9 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.9...v1.2.13)
Updates `minimatch` from 0.3.0 to 3.0.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v0.3.0...v3.0.2)
Updates `getobject` from 0.1.0 to 1.0.2
- [Release notes](https://github.com/cowboy/node-getobject/releases)
- [Commits](cowboy/node-getobject@v0.1.0...v1.0.2)
Removes `got`
Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)
Updates `qs` from 6.3.2 to 6.3.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)
Updates `hoek` from 0.9.1 to 2.16.3
- [Release notes](https://github.com/hapijs/hoek/releases)
- [Commits](hapijs/hoek@v0.9.1...v2.16.3)
Updates `i` from 0.3.6 to 0.3.7
- [Commits](pksunkara/inflect@v0.3.6...v0.3.7)
Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)
Updates `jsonpointer` from 4.0.0 to 5.0.1
- [Release notes](https://github.com/janl/node-jsonpointer/releases)
- [Commits](janl/node-jsonpointer@4.0.0...v5.0.1)
Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)
Updates `on-headers` from 1.0.1 to 1.1.0
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](jshttp/on-headers@v1.0.1...v1.1.0)
Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)
Updates `send` from 0.16.2 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.16.2...0.19.0)
Updates `serve-static` from 1.13.2 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.13.2...v1.16.2)
Updates `set-value` from 2.0.0 to 2.0.1
- [Commits](jonschlinkert/set-value@2.0.0...2.0.1)
Updates `undefsafe` from 2.0.2 to 2.0.5
- [Release notes](https://github.com/remy/undefsafe/releases)
- [Commits](remy/undefsafe@v2.0.2...v2.0.5)
---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-version: 9.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: multer
  dependency-version: 2.0.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sanitize-html
  dependency-version: 2.12.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: socket.io
  dependency-version: 4.8.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: grunt
  dependency-version: 1.6.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: marked
  dependency-version: 4.0.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: underscore
  dependency-version: 1.13.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-version: 2.6.4
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 6.12.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bson
  dependency-version: 7.0.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-version: 2.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 1.2.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: getobject
  dependency-version: 1.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: got
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.5.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.3.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hoek
  dependency-version: 2.16.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: i
  dependency-version: 0.3.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json-schema
  dependency-version: 0.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jsonpointer
  dependency-version: 5.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-version: 3.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: on-headers
  dependency-version: 1.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: set-value
  dependency-version: 2.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undefsafe
  dependency-version: 2.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>

1 parent d50f821 commit c015eab
3 files changed
Lines changed: 8238 additions & 8107 deletions