Skip to content
This repository was archived by the owner on May 20, 2025. It is now read-only.

[Snyk] Upgrade mongodb from 3.6.6 to 3.7.4#44

Open
barnes-c wants to merge 1 commit into
mainfrom
snyk-upgrade-6d596dccc4eb51a0b316120f46e3f208
Open

[Snyk] Upgrade mongodb from 3.6.6 to 3.7.4#44
barnes-c wants to merge 1 commit into
mainfrom
snyk-upgrade-6d596dccc4eb51a0b316120f46e3f208

Conversation

@barnes-c

@barnes-c barnes-c commented Mar 23, 2025

Copy link
Copy Markdown
Contributor

snyk-top-banner

Snyk has created this PR to upgrade mongodb from 3.6.6 to 3.7.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 11 versions ahead of your current version.

  • The recommended version was released 2 years ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 696 Proof of Concept
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 696 Proof of Concept
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137		 696 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 696 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-AXIOS-6671926		 696 No Known Exploit
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9292519		 696 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 696 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610		 696 Proof of Concept
medium severity Information Exposure
SNYK-JS-MONGODB-5871303		 696 No Known Exploit
low severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 696 No Known Exploit
Release notes
Package name: mongodb
  • 3.7.4 - 2023-06-21

    The MongoDB Node.js team is pleased to announce version 3.7.4 of the mongodb package!

    Release Highlights

    This release fixes a bug that throws a type error when SCRAM-SHA-256 is used with saslprep in a webpacked environment.

    3.7.4 (2023-06-21)

    Bug Fixes

    Documentation

    We invite you to try the mongodb library immediately, and report any issues to the NODE project.

  • 3.7.3 - 2021-10-20
  • 3.7.2 - 2021-10-05
  • 3.7.1 - 2021-09-14
  • 3.7.0 - 2021-08-31
  • 3.6.12 - 2021-08-30
  • 3.6.11 - 2021-08-05
  • 3.6.10 - 2021-07-06
  • 3.6.9 - 2021-05-26
  • 3.6.8 - 2021-05-21
  • 3.6.7 - 2021-05-18
  • 3.6.6 - 2021-04-06
from mongodb GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade mongodb from 3.6.6 to 3.7.4
c81a6c4 
Snyk has created this PR to upgrade mongodb from 3.6.6 to 3.7.4.

See this package in npm:
mongodb

See this project in Snyk:
https://app.snyk.io/org/barnes-c/project/dac41ee8-772e-492f-86cf-e491d0cf6851?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@barnes-c @snyk-bot