[Snyk] Security upgrade LiteDB from 3.1.0 to 5.0.13 #158

Open

snyk-bot wants to merge 1 commit from snyk-fix-4165273a9096478146fe82a4d2b2fa81 into master

pull from: snyk-fix-4165273a9096478146fe82a4d2b2fa81

merge into: Serraniel:master

Serraniel:master

Serraniel:feature/updates

Serraniel:snyk-fix-d0fb2f342f19d6e14d68e235cade2e96

Serraniel:dependabot/nuget/Octokit-5.0.0

Serraniel:dependabot/nuget/LiteDB-5.0.15

Serraniel:dependabot/nuget/Discord-Media-Loader.Application/Newtonsoft.Json-13.0.2

Serraniel:dependabot/nuget/Discord-Media-Loader/Newtonsoft.Json-13.0.2

Serraniel:dependabot/nuget/Newtonsoft.Json-13.0.2

Serraniel:dependabot/nuget/System.Collections.Immutable-7.0.0

Serraniel:dependabot/nuget/Microsoft.NETCore.Platforms-7.0.0

Serraniel:snyk-fix-768f3f40820a0776a039141249c31abf

Serraniel:snyk-fix-78fcf061627e5d0aa1155a0871928549

Serraniel:dependabot/nuget/SweetLib-0.2.1-alpha.2

Serraniel:dependabot/nuget/System.Linq.Async-6.0.1

Serraniel:dependabot/nuget/Nito.Disposables-2.3.0

Serraniel:bugfix/#105-after-autoupdate-to-last-version-is-cant-download-anything-and-keep-scanning-for-no-reason

Serraniel:dependabot/nuget/System.Security.AccessControl-6.0.0

Serraniel:dependabot/nuget/System.Runtime.CompilerServices.Unsafe-6.0.0

Serraniel:feature/update-libs

Serraniel:feature/#96-pull-nickname-from-discord-api

Serraniel:dependabot/add-v2-config-file

Serraniel:feature/#27-new-job-scheduler

Serraniel:develop

Serraniel:support/1.2

Serraniel:bugfix/#20-application-cannot-be-closed-during-setup

Serraniel:support/1.1

Serraniel:support/1.0

Conversation 0 Commits 1 Files changed 1 +1 -1

snyk-bot commented 2023-02-27 04:58:06 +01:00 (Migrated from github.com)

Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `nuget` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • DML.AppCore/DML.AppCore.csproj

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	776/1000 Why? Recently disclosed, Has a fix available, CVSS 9.8	Deserialization of Untrusted Data SNYK-DOTNET-LITEDB-3331936	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data

<h3>Snyk has created this PR to fix one or more vulnerable packages in the `nuget` dependencies of this project.</h3> #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - DML.AppCore/DML.AppCore.csproj #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **776/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 9.8 | Deserialization of Untrusted Data <br/>[SNYK-DOTNET-LITEDB-3331936](https://snyk.io/vuln/SNYK-DOTNET-LITEDB-3331936) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI3YzU0N2E0Zi0xYWY2LTQxMDAtOTFiMy1lNDYxYmJlNjlhZjIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjdjNTQ3YTRmLTFhZjYtNDEwMC05MWIzLWU0NjFiYmU2OWFmMiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/serraniel/project/a458bfa2-a0e6-468c-908a-9f889f3c665e?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/serraniel/project/a458bfa2-a0e6-468c-908a-9f889f3c665e?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"7c547a4f-1af6-4100-91b3-e461bbe69af2","prPublicId":"7c547a4f-1af6-4100-91b3-e461bbe69af2","dependencies":[{"name":"LiteDB","from":"3.1.0","to":"5.0.13"}],"packageManager":"nuget","projectPublicId":"a458bfa2-a0e6-468c-908a-9f889f3c665e","projectUrl":"https://app.snyk.io/org/serraniel/project/a458bfa2-a0e6-468c-908a-9f889f3c665e?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-DOTNET-LITEDB-3331936"],"upgrade":["SNYK-DOTNET-LITEDB-3331936"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[776]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Deserialization of Untrusted Data](https://learn.snyk.io/lessons/insecure-deserialization/java/?loc&#x3D;fix-pr)

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin snyk-fix-4165273a9096478146fe82a4d2b2fa81:snyk-fix-4165273a9096478146fe82a4d2b2fa81

git checkout snyk-fix-4165273a9096478146fe82a4d2b2fa81

Merge

Merge the changes and update on Forgejo.

git checkout master

git merge --no-ff snyk-fix-4165273a9096478146fe82a4d2b2fa81

git checkout master

git merge --ff-only snyk-fix-4165273a9096478146fe82a4d2b2fa81

git checkout snyk-fix-4165273a9096478146fe82a4d2b2fa81

git rebase master

git checkout master

git merge --no-ff snyk-fix-4165273a9096478146fe82a4d2b2fa81

git checkout master

git merge --squash snyk-fix-4165273a9096478146fe82a4d2b2fa81

git checkout master

git merge --ff-only snyk-fix-4165273a9096478146fe82a4d2b2fa81

git checkout master

git merge snyk-fix-4165273a9096478146fe82a4d2b2fa81

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

beta

This feature will be implemented in the beta branch first

  

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

invalid

This doesn't seem right

  

postponed

This issue has been postponed to a later release

  

question

Further information is requested

  

release: bugfix

This issue will be closed with the next bugfix release

  

release: major

This issue will be closed with the next major release

  

release: minor

This issue will be closed with the next minor release

  

repository improvment

This is an improvment to the repository only

  

required

This issue is required to be closed for the next release

  

unclear

This issue is unclear

  

wontfix

This will not be worked on

No labels

beta

bug

dependencies

duplicate

enhancement

invalid

postponed

question

release: bugfix

release: major

release: minor

repository improvment

required

unclear

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Serraniel/DiscordMediaLoader#158

No description provided.