[Snyk] Security upgrade mssql from 7.3.5 to 8.0.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7 |
Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020 |
Yes | No Known Exploit |
 |
776/1000 Why? Recently disclosed, Has a fix available, CVSS 9.8 |
Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022 |
Yes | No Known Exploit |
 |
611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 |
Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024 |
Yes | No Known Exploit |
|
626/1000 Why? Recently disclosed, Has a fix available, CVSS 6.8 |
Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mssql
The new version differs by 48 commits.- 919f998 8.0.0
- dff3173 Update changelog
- beea78a Merge pull request #1357 from dhensby/pulls/dependencies
- c607e41 Update dependencies
- 19d7f0a Merge pull request #1356 from dhensby/pulls/value-handler
- 0b60855 Update readme/changelog
- b56ee39 Add the concept of valueHandlers for processing returned rows from queries with user provided code
- 09441db Merge pull request #1353 from tediousjs/dependabot/npm_and_yarn/follow-redirects-1.14.7
- 5d4c014 Bump follow-redirects from 1.14.5 to 1.14.7
- 4dccd4c Merge pull request #1343 from trevorbye/doc-fixes
- 7fea917 Feedback from review
- 25ffdc0 Merge pull request #1344 from dhensby/pulls/bump-tarn
- 1640003 Update tarn & debug dependencies
- 2d04cf8 Merge pull request #1342 from dhensby/pulls/rm-connection-string-parser
- bbc8db6 make ConnectionPool.parseConnectionString static
- 35a201f rename deepclone to clone
- d459900 remove connection string parser
- e96c67a remove dup info, improve clarity, add samples
- 8c85f77 Merge pull request #1094 from ttemple06/table-rows-clear
- e986454 Update docs
- dbb5211 Update changelog
- 63ab77f add table.rows.clear() method
- 275e6d7 Merge pull request #1240 from dhensby/pulls/allow-nully-values
- e397a61 Update changelog
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 
🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons: