[Snyk-beemo] Upgrade node-jq from 1.3.1 to 1.11.1 #1

snyk-bot · 2020-09-08T22:28:07Z

Snyk has created this PR to upgrade node-jq from 1.3.1 to 1.11.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 15 versions ahead of your current version.
The recommended version was released 4 months ago, on 2020-05-11.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-450202	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Remote Memory Exposure SNYK-JS-BL-608877	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Uninitialized Memory Exposure npm:tunnel-agent:20170305	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-YARGSPARSER-560381	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:braces:20180219	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-KINDOF-537849	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-jq

1.11.1 - 2020-05-11
1.11.1 (2020-05-11)

Bug Fixes
- typescript: Added input to IOptions to resolve issue #299 (d875c30)
1.11.0 - 2019-11-07
1.11.0 (2019-11-07)

Features
- typescript definition support (c61427f)
- use Joi library for validation, new JQ class (675fd64)
1.10.3 - 2019-08-12
1.10.3 (2019-08-12)

Bug Fixes
- security: remove unused tap-diff package (ed10309)
1.10.2 - 2019-08-12
1.10.2 (2019-08-12)

Bug Fixes
- security: replace unmaintained isparta with nyc (d158d73)
1.10.1 - 2019-08-01
1.10.1 (2019-08-01)

Bug Fixes
- jq-core: check test output value (f1abdfd)
- stdin: throw errors on invalid input (1cad9fe)
1.10.0 - 2019-07-30
1.10.0 (2019-07-30)

Don't use this release! Use v1.10.1 or newer instead.

This release causes jq to hang in certain cases of JSON input, such as undefined, null or empty string input. stdin will wait for input forever (or until a timeout occurs.

Features
- stdin: pass json input to stdin instead of null-input (ced9c6d)
1.9.1 - 2019-07-18
1.9.1 (2019-07-18)

Bug Fixes
- Update standard and passing linting (#187) (78075a4)
- Update strip-eof with the rename (#186) (2999421)
1.9.0 - 2019-05-17
1.9.0 (2019-05-17)

Features
- jq: added ability to optionally specify jq binary location (#168) (ebdeaac)
1.8.1 - 2019-05-09
1.8.1 (2019-05-09)

Bug Fixes
- Remove binary key (2d43556)
1.8.0 - 2019-05-09
1.8.0 (2019-05-09)

Features
- install-binary: Check if file exist before changuing permisions (11d0ada)
1.7.1 - 2019-04-18
1.7.0 - 2019-04-17
1.6.0 - 2019-04-08
1.5.0 - 2019-01-07
1.4.0 - 2019-01-03
1.3.1 - 2018-07-11

from node-jq GitHub release notes

Commit messages

Package name: node-jq

569b559 Merge pull request #301 from jerrythomas/ts-options-input
d875c30 fix(typescript): Added input to IOptions to resolve issue #299
c53b817 build(deps-dev): bump semantic-release from 17.0.6 to 17.0.7 (#293)
aa4e478 build(deps-dev): bump husky from 4.0.10 to 4.2.5 (#290)
1f42fe7 build(deps): bump @types/hapi__joi from 15.0.3 to 17.1.0 (#300)
0551a89 build(deps-dev): bump semantic-release from 16.0.2 to 17.0.6 (#291)
06c85c0 build(deps): bump download from 7.1.0 to 8.0.0 (#287)
9346623 build(deps-dev): bump coveralls from 3.0.7 to 3.0.11 (#286)
5b11e1a build(deps-dev): bump standard from 14.3.1 to 14.3.3 (#284)
6283e89 build(deps): [security] bump acorn from 7.0.0 to 7.1.1 (#282)
9fdf212 build(deps): [security] bump handlebars from 4.0.12 to 4.7.3 (#272)
c16c799 build(deps-dev): bump semantic-release from 16.0.0 to 16.0.2 (#259)
3b5ffa9 build(deps-dev): bump husky from 4.0.5 to 4.0.10 (#260)
ec60807 build(deps-dev): bump semantic-release from 15.13.31 to 16.0.0 (#252)
633d2ed build(deps-dev): bump husky from 3.0.9 to 4.0.5 (#253)
e79469a build(deps-dev): bump semantic-release from 15.13.30 to 15.13.31 (#232)
0f5ec53 build(deps): [security] bump npm from 6.5.0 to 6.13.4 (#238)
d4285cd build(deps): [security] bump npm from 6.5.0 to 6.13.4
77ec329 ci(travis-deploy-once): add --pro option for travis-ci.com migration
9c7ea25 Merge pull request #228 from sanack/typescript-and-joi-validation
36a934a build(@hapi/joi): update to version ^16.1.7
d2e2aba style(lint): replace backticks by single quotes in non-template string
4db86b5 Merge pull request #203 from jpandersen87/master
c48b5f4 build(deps-dev): bump semantic-release from 15.13.27 to 15.13.30 (#226)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade node-jq from 1.3.1 to 1.11.1. See this package in npm: https://www.npmjs.com/package/node-jq See this project in Snyk: https://app.beemo.snyk.io/org/crystal.hirschorn/project/2c330009-0da9-4362-a5e1-0814294e02bb?utm_source=github&utm_medium=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk-beemo] Upgrade node-jq from 1.3.1 to 1.11.1 #1

[Snyk-beemo] Upgrade node-jq from 1.3.1 to 1.11.1 #1

Uh oh!

snyk-bot commented Sep 8, 2020

1.11.1 (2020-05-11)

Bug Fixes

1.11.0 (2019-11-07)

Features

1.10.3 (2019-08-12)

Bug Fixes

1.10.2 (2019-08-12)

Bug Fixes

1.10.1 (2019-08-01)

Bug Fixes

1.10.0 (2019-07-30)

Features

1.9.1 (2019-07-18)

Bug Fixes

1.9.0 (2019-05-17)

Features

1.8.1 (2019-05-09)

Bug Fixes

1.8.0 (2019-05-09)

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk-beemo] Upgrade node-jq from 1.3.1 to 1.11.1 #1

Are you sure you want to change the base?

[Snyk-beemo] Upgrade node-jq from 1.3.1 to 1.11.1 #1

Uh oh!

Conversation

snyk-bot commented Sep 8, 2020

Snyk has created this PR to upgrade node-jq from 1.3.1 to 1.11.1.

1.11.1 (2020-05-11)

Bug Fixes

1.11.0 (2019-11-07)

Features

1.10.3 (2019-08-12)

Bug Fixes

1.10.2 (2019-08-12)

Bug Fixes

1.10.1 (2019-08-01)

Bug Fixes

1.10.0 (2019-07-30)

Features

1.9.1 (2019-07-18)

Bug Fixes

1.9.0 (2019-05-17)

Features

1.8.1 (2019-05-09)

Bug Fixes

1.8.0 (2019-05-09)

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants