[Snyk] Security upgrade mqtt from 1.14.1 to 2.8.0 #15

Open
wants to merge 1 commit into
base: master

snyk-bot
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-WS-1296835 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mqtt
The new version differs by 160 commits.
  • cd454ae Bumped v2.8.0.
  • dba7cc6 Bumped ws and websocket-stream.
  • 156c1c9 Merge pull request #621 from mqttjs/fix-618
  • 42110fe Do not enqueue an unlimited amount of subscribes if disconnected
  • d297fcb Merge pull request #613 from nguyenthenguyen/master
  • bd38bc2 change docs keepalive from 10 to 60 seconds as default
  • a3dcf7a Bumped v2.7.2.
  • df0ca3c Merge pull request #610 from yohei1126/fix_tls_options
  • 4eb49a8 fix type of some fields in ISecureClientOptions
  • 160cf7e Bumped v2.7.1.
  • c50c100 Merge pull request #606 from yohei1126/pub_options
  • 4e8fa7f Add duplicate flag to publish options in TypeScript definition
  • 66aa4e6 Bumped v2.7.0.
  • cb4ff7a Merge pull request #603 from adesys/publish_duplicate
  • e065fec Added unit test for duplicate publish option
  • 6241422 Add duplicate flag to publish options
  • e6bd5bc Bumped v2.6.2.
  • 6eb6e70 Bumped snazzy to v7
  • 8703cb3 Merge pull request #599 from rahulbhanushali/master
  • 3338042 Updated contact event to include the return code in case of errors.
  • b85dfd8 Bumped v2.6.1.
  • 2bfe05a Bumped [email protected]
  • f55a8e9 Bumped v2.6.0.
  • bd07a27 Merge pull request #594 from mqttjs/bumped-ws

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-1296835