Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
caravaggio
Advanced tools
caravaggio - npm Package Compare versions
Comparing version 2.2.1 to 2.2.2
| # Changelog | ||
| ## 2.2.2 | ||
| - Various documentation fixes | ||
| - Update dependencies | ||
| ## 2.2.1 | ||
@@ -4,0 +9,0 @@ |
@@ -1,2 +0,2 @@ | ||
| [{"type":"issue","check_name":"Vulnerable module \"tough-cookie\" identified","description":"`tough-cookie` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds.\n\nUnless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb so the impact of the ReDoS is limited to around 7.3 seconds of blocking.\n\nAt the time of writing all version \u003c=2.3.2 are vulnerable\n\n## Recommendation:\nPlease update to version 2.3.3 or greater"},"location":{"path":"package-lock.json","lines":{"begin":3214,"end":3221}},"engine_name":"nodesecurity","fingerprint":"f06ee92c3bc4d7d37b51a549f59dd4f0","severity":"minor"}, | ||
| {"type":"issue","check_name":"Vulnerable module \"debug\" identified","description":"`debug` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.\n\n## Recommendation:\nUpgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater."},"location":{"path":"package-lock.json","lines":{"begin":2563,"end":2570}},"engine_name":"nodesecurity","fingerprint":"82f98b1c73a1bd2659e5d0a968d287a5","severity":"minor"}] | ||
| [{"type":"issue","check_name":"Vulnerable module \"tough-cookie\" identified","description":"`tough-cookie` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds.\n\nUnless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb so the impact of the ReDoS is limited to around 7.3 seconds of blocking.\n\nAt the time of writing all version \u003c=2.3.2 are vulnerable\n\n## Recommendation:\nPlease update to version 2.3.3 or greater"},"location":{"path":"package-lock.json","lines":{"begin":3251,"end":3258}},"engine_name":"nodesecurity","fingerprint":"4cdf86fa345ebf706041609832e5a167","severity":"minor"}, | ||
| {"type":"issue","check_name":"Vulnerable module \"debug\" identified","description":"`debug` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.\n\n## Recommendation:\nUpgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater."},"location":{"path":"package-lock.json","lines":{"begin":2600,"end":2607}},"engine_name":"nodesecurity","fingerprint":"82f98b1c73a1bd2659e5d0a968d287a5","severity":"minor"}] |
| { | ||
| "name": "caravaggio", | ||
| "version": "2.2.1", | ||
| "version": "2.2.2", | ||
| "description": "A blazing fast image processor service", | ||
@@ -20,6 +20,3 @@ "main": "index.js", | ||
| }, | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "git+ssh://git@gitlab.com/ramiel/caravaggio.git" | ||
| }, | ||
| "repository": "gitlab:ramiel/caravaggio", | ||
| "keywords": [ | ||
@@ -40,10 +37,10 @@ "image", | ||
| "config": "^1.30.0", | ||
| "fs-extra": "^5.0.0", | ||
| "fs-extra": "^6.0.0", | ||
| "md5": "^2.2.1", | ||
| "micro": "^9.1.4", | ||
| "micro": "^9.3.0", | ||
| "micro-redirect": "^1.0.0", | ||
| "microrouter": "^3.1.1", | ||
| "microrouter": "^3.1.2", | ||
| "node-fetch": "^2.1.2", | ||
| "pino": "^4.15.3", | ||
| "sharp": "^0.20.1", | ||
| "pino": "^4.16.1", | ||
| "sharp": "^0.20.2", | ||
| "yargs": "^11.0.0" | ||
@@ -55,4 +52,4 @@ }, | ||
| "eslint-import-resolver-jest": "^2.1.1", | ||
| "eslint-plugin-import": "^2.10.0", | ||
| "eslint-plugin-jest": "^21.15.0", | ||
| "eslint-plugin-import": "^2.11.0", | ||
| "eslint-plugin-jest": "^21.15.1", | ||
| "jest": "^22.4.3", | ||
@@ -82,3 +79,6 @@ "micro-dev": "^2.2.2", | ||
| ] | ||
| }, | ||
| "pkg": { | ||
| "assets": "config/**/*" | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.04%
63442
- Number of package files
- increased by1.56%
65
Worsened metrics
- Number of low supply chain risk alerts
- increased by33.33%
4
Dependency changes
+ Addedfs-extra@6.0.1(transitive)
- Removedfs-extra@5.0.0(transitive)
Updatedfs-extra@^6.0.0
Updatedmicro@^9.3.0
Updatedmicrorouter@^3.1.2
Updatedpino@^4.16.1
Updatedsharp@^0.20.2