[Snyk] Upgrade tus-node-server from 0.3.2 to 0.8.1

[snyk-bot]

Snyk has created this PR to upgrade tus-node-server from 0.3.2 to 0.8.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.
• The recommended version was released 25 days ago, on 2022-10-03.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	365/1000 Why? CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	365/1000 Why? CVSS 7.3	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	365/1000 Why? CVSS 7.3	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	365/1000 Why? CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	365/1000 Why? CVSS 7.3	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	365/1000 Why? CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	365/1000 Why? CVSS 7.3	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	365/1000 Why? CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	365/1000 Why? CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: tus-node-server

• 0.8.1 - 2022-10-03
  

  What's Changed

  Bug fixes

  • Fix issue where there is no error checking bucket exists in GCSDataStore by @ angelsk in #299
  • Emit upload complete event when using creation-with-upload extension by @ mitjap in #301
  • Fix validation of upload-length header in patch handler by @ mitjap in #303

  Dependencies

  • Revert "Bump tus-js-client from 2.3.1 to 3.0.0" by @ mitjap in #302
  • Bump aws-sdk from 2.1206.0 to 2.1227.0 by @ dependabot in #305
  • Bump @ google-cloud/storage from 6.4.1 to 6.5.2 by @ dependabot in #304

  New Contributors

  • @ angelsk made their first contribution in #299

  Full Changelog: v0.8.0...v0.8.1

• 0.8.0 - 2022-09-29
  

  What's Changed

  Breaking changes

  Redesign stores for better separation of concerns by @ mitjap in #186

  • FileStore now accepts a directory instead of path.

  - new FileStore({ path: './files' });
  + new FileStore({ directory: './files' });

  • DataStores don't emit events anymore, instead the request handlers do.

  Bug fixes

  • Fix creation-defer-length extension for all stores by @ Murderlon in #297
  • Fix too small parts with S3 datastore by @ mitjap in #284
  • GCS: ignore insufficient access error by @ mitjap in #294
  • Fix upload ID when using S3 store with Digital Ocean Spaces by @ manelio in #296

  Dependencies

  • Bump @ google-cloud/storage from 6.2.3 to 6.4.1 by @ dependabot in #286
  • Bump tus-js-client from 2.3.1 to 3.0.0 by @ dependabot in #289
  • Bump aws-sdk from 2.1166.0 to 2.1206.0 by @ dependabot in #288
  • Bump eslint-plugin-promise from 6.0.0 to 6.0.1 by @ dependabot in #287

  Meta

  • Do not run GitHub Actions in parallel by @ Murderlon in #298

  New Contributors

  • @ manelio made their first contribution in #296

  Full Changelog: v0.7.1...v0.8.0

• 0.7.1 - 2022-08-03
  

  What's Changed

  • Correctly throw error in S3 store and check for file ID in GCSDataStore by @ mitjap in #269
  • S3Store: fix broken upload with deferred length or without metadata by @ mitjap in #270

  Meta

  • GitHub Actions: allow PRs from forks to run with secrets by @ Murderlon in #267
  • GitHub Actions: Add paths to pull_request_target by @ Murderlon in #268
  • Try to fix GH Actions for PRs from forks again by @ Murderlon in #271
  • Fix actions checkout by @ Murderlon in #280
  • Fix eslint errors by @ Murderlon in #279

  Dependencies

  • Bump @ google-cloud/storage from 5.19.4 to 6.2.2 by @ dependabot in #266
  • Bump aws-sdk from 2.1125.0 to 2.1166.0 by @ dependabot in #264
  • Bump @ google-cloud/storage from 6.2.2 to 6.2.3 by @ dependabot in #277
  • Bump supertest from 6.2.3 to 6.2.4 by @ dependabot in #278

  Full Changelog: v0.7.0...v0.7.1

• 0.7.0 - 2022-06-27
  

  What's Changed

  • index.d.ts: explicitly type Server.get callback parameter signature by @ erikjwaxx in #255
  • index.d.ts: fix http import to work without default exports set by @ erikjwaxx in #254
  • announce to client that FileStore supports termination extension by @ mitjap in #261
  • Reject partial upload if concatenation extension is not supported by @ mitjap in #262

  New Contributors

  • @ erikjwaxx made their first contribution in #255

  Full Changelog: v0.6.0...v0.7.0

• 0.6.0 - 2022-05-19
  Read more
• 0.5.2 - 2022-03-08
  Read more
• 0.5.1 - 2022-02-21
  Read more
• 0.5.0 - 2022-02-03
  Read more
• 0.4.0 - 2021-11-15
  Read more
• 0.3.2 - 2018-09-13

from tus-node-server GitHub release notes

Commit messages

Package name: tus-node-server

• f6670b0 0.8.1
• 63b7330 Fix validation of upload-length header in patch handler (Pagination/Performance (Publish/Subscribe) #303)
• 2e89200 Bump @ google-cloud/storage from 6.4.1 to 6.5.2 (Copy email on Facebook account creation #304)
• 2d76d17 Bump aws-sdk from 2.1206.0 to 2.1227.0 (Dashboard and Console enhancements #305)
• 362b2c5 Revert "Bump tus-js-client from 2.3.1 to 3.0.0" (Order Processing - dashboard widgets #302)
• 743ea99 Emit upload complete event when using creation-with-upload extension (Order Processing - manual add/edit order #301)
• 9eeb26c GCS: fix error handling when checking for bucket existence (Write docs for user management #299)
• 9cbf66f 0.8.0
• 7b6cc79 Simplify imports
• b415e1a Use JS for eslintrc
• 04009ea Fix creation-defer-length extension for all stores (Write docs for code testing #297)
• 43c45b7 Do not run GitHub Actions in parallel (Write docs for CI implementation #298)
• e34b7a2 Fix upload ID when using S3 store with Digital Ocean Spaces (Write docs for promotion analytics #296)
• 6f4cca6 Redesign stores for better separation of concerns (Global currency formatting for localization #186)
• e7669c7 GCS: ignore insufficient access error (Write docs for bulk order processing #294)
• eacfcdb Bump eslint-plugin-promise from 6.0.0 to 6.0.1 (Detailed order review in checkout #287)
• ad3b3b0 Bump aws-sdk from 2.1166.0 to 2.1206.0 (Export orders as CSV #288)
• d07495e Bump tus-js-client from 2.3.1 to 3.0.0 (Export/sync order data to google sheet #289)
• ba23146 Bump @ google-cloud/storage from 6.2.3 to 6.4.1 (Bulk order processing #286)
• e79dbb3 Fix parts too small with S3 datastore (Audit logging #284)
• ba0a7bd 0.7.1
• bdbc09b Bump supertest from 6.2.3 to 6.2.4 (Refactor cart state machine into methods with hooks #278)
• ad8af34 Bump @ google-cloud/storage from 6.2.2 to 6.2.3 (Implement sorting and filtering of search results #277)
• 51e7c6c Fix eslint errors (Analytics for Search #279)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: b97bd62

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR