[Snyk] Security upgrade realm from 2.23.0 to 10.3.0 #76

Open: wants to merge 1 commit into base: develop

Conversation

Omrisnyk (Owner)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • src/desktop/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 125/1000 | Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 | Yes | No Known Exploit |

Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: realm
  • 10.3.0 - 2021-03-30

    NOTE: This release has a number of fixes compared to v10.3.0-rc.1. For a complete changelog, please see v10.3.0-rc.1.

    Enhancements

    • None.

    Fixed

    • Classes names class_class_... were not handled correctly in queries. (realm/realm-core#4480)
    • Syncing large Decimal128 values will cause Assertion failed: cx.w[1] == 0. (realm/realm-core#4519, since v10.0.0)
    • Avoid race condition leading to possible hangs on Windows. (realm/realm-dotnet#2245)
    • During integration of a large amount of data from the MongoDB Realm, you may get Assertion failed: !fields.has_missing_parent_update(). (realm/realm-core#4497, since v6.0.0)

    Compatibility

    • MongoDB Realm Cloud.
    • APIs are backwards compatible with all previous releases of Realm JavaScript in the 10.x.y series.
    • File format: generates Realms with format v20 (reads and upgrades file format v5 or later for non-synced Realm, upgrades file format v10 for synced Realms).

    Internal

    • Upgraded Realm Core from v10.5.4 to v10.5.6.
  • 10.3.0-rc.1 - 2021-03-19

    Enhancements

    • Added support for comparing numbers to boolean values in queries.

    Fixed

    • On 32 bit devices you may get exception with No such object when upgrading from v6.x to v10.x (realm/realm-java#7314, since v10.0.0)
    • Restore support for upgrading files from file format 5 (Realm JavaScript 1.x). (realm/realm-cocoa#7089, since v6.0.0)
    • Fixed a bug that prevented an object type with incoming links from being marked as embedded during migrations. (realm/realm-core#4414)
    • During synchronization you might experience crash with Assertion failed: ref + size <= next->first. (realm/realm-core#4388)
    • There seem to be a few issues regarding class support in realm-js. We are currently coming up with strategies to better support this in the future. In the meantime, the following fixes have been applied to help avoid crashes and failures.
      • When creating a class that extends Realm.Object and pushing the instantiated object to a list, a segmentation fault would occur. This has been fixed by a null check and throwing an exception.
      • Creating an object from an instance of Realm.Object that was manually constructed (detached from Realm) would fail the second time. Now we throw a meaningful exception the first time.
    • Removed a delay when running in node.js. It could make testing using Jest fail. (#3608, since v2.0.0)

    Compatibility

    • MongoDB Realm Cloud.
    • APIs are backwards compatible with all previous releases of Realm JavaScript in the 10.x.y series.
    • File format: generates Realms with format v20 (reads and upgrades file format v5 or later for non-synced Realm, upgrades file format v10 for synced Realms).

    Internal

    • Switch to unified releases of Realm Core, Realm Sync and Realm Object Store.
    • Upgraded to Realm Core v10.5.4.
  • 10.2.0 - 2021-02-05
  • 10.1.4 - 2021-01-27
  • 10.1.3 - 2021-01-15
  • 10.1.2 - 2020-12-16
  • 10.1.1 - 2020-12-11
  • 10.1.0 - 2020-12-08
  • 10.0.2 - 2020-12-05
  • 10.0.1 - 2020-10-16
  • 10.0.0 - 2020-10-14
  • 10.0.0-rc.2 - 2020-10-12
  • 10.0.0-rc.1 - 2020-10-01
  • 10.0.0-beta.13 - 2020-09-18
  • 10.0.0-beta.12 - 2020-09-02
  • 10.0.0-beta.11 - 2020-08-28
  • 10.0.0-beta.10 - 2020-08-27
  • 10.0.0-beta.9 - 2020-07-15
  • 10.0.0-beta.8 - 2020-07-07
  • 10.0.0-beta.7 - 2020-06-26
  • 10.0.0-beta.6 - 2020-06-09
  • 10.0.0-beta.5 - 2020-06-08
  • 10.0.0-beta.4 - 2020-06-07
  • 10.0.0-beta.3 - 2020-06-06
  • 10.0.0-beta.2 - 2020-06-06
  • 10.0.0-beta.1 - 2020-06-04
  • 10.0.0-alpha.11 - 2020-06-02
  • 10.0.0-alpha.10 - 2020-05-30
  • 10.0.0-alpha.9 - 2020-05-22
  • 10.0.0-alpha.8 - 2020-05-20
  • 10.0.0-alpha.7 - 2020-05-19
  • 10.0.0-alpha.6 - 2020-05-13
  • 10.0.0-alpha.5 - 2020-05-11
  • 6.1.8 - 2021-09-08
  • 6.1.7 - 2021-03-13

    Enhancements

    • None.

    Fixed

    • There seem to be a few issues regarding class support in realm-js. We are currently coming up with strategies to better support this in the future. In the meantime, the following fixes have been applied to help avoid crashes and failures.
      • When creating a class that extends Realm.Object and pushing the instantiated object to a list, a segmentation fault would occur. This has been fixed by a null check and throwing an exception.
      • Creating an object from an instance of Realm.Object that was manually constructed (detached from Realm) would fail the second time. Now we throw a meaningful exception the first time.
    • Removed a delay when running in node.js. It could make testing using Jest fail. (#3608, since v2.0.0)
    • Support upgrading from file format 5. (realm/realm-cocoa#7089, since v6.0.0)
    • During integration of a large amount of data from the server, you may get Assertion failed: !fields.has_missing_parent_update(). (realm/realm-core#4497, since v6.0.0)
    • Fixed queries for constant null across links to an indexed property not returning matches when the link was null. (realm/realm-core#4460, since v3.5.0)

    Compatibility

    • Realm Object Server: 3.23.1 or later
    • APIs are backwards compatible with all previous releases of Realm JavaScript in the 6.x.y series.
    • File format: generates Realms with format v11 (reads and upgrades file format v5).
  • 6.1.6 - 2021-02-15
  • 6.1.5 - 2020-11-05
  • 6.1.4 - 2020-10-08
  • 6.1.3 - 2020-10-02
  • 6.1.2 - 2020-09-17
  • 6.1.2-test - 2020-09-16
  • 6.1.1 - 2020-09-10
  • 6.1.0 - 2020-08-27
  • 6.0.5 - 2020-08-24
  • 6.0.4 - 2020-08-04
  • 6.0.3 - 2020-07-15
  • 6.0.2 - 2020-06-03
  • 6.0.1 - 2020-05-18
  • 6.0.0 - 2020-05-14
  • 6.0.0-beta.1 - 2020-05-06
  • 5.0.5 - 2020-05-12
  • 5.0.4 - 2020-04-29
  • 5.0.3 - 2020-04-01
  • 5.0.2 - 2020-03-21
  • 5.0.2-alpha.1 - 2020-03-21
  • 5.0.1 - 2020-03-20
  • 5.0.0 - 2020-03-18
  • 4.0.0-beta.2 - 2020-02-24
  • 4.0.0-beta.1 - 2020-01-08
  • 4.0.0-beta.0 - 2019-12-05
  • 4.0.0-alpha.2 - 2019-11-27
  • 4.0.0-alpha.1 - 2019-11-01
  • 3.7.0-alpha.2 - 2020-01-24
  • 3.7.0-alpha.0 - 2020-01-14
  • 3.6.5 - 2020-03-04
  • 3.6.4 - 2020-02-14
  • 3.6.3 - 2020-01-17
  • 3.6.2 - 2020-01-16
  • 3.6.0 - 2019-12-12
  • 3.5.0 - 2019-12-02
  • 3.5.0-alpha.1 - 2019-11-27
  • 3.4.2 - 2019-11-14
  • 3.4.1 - 2019-11-12
  • 3.4.0 - 2019-11-11
  • 3.4.0-alpha.1 - 2019-10-21
  • 3.3.0 - 2019-10-18
  • 3.3.0-rc.1 - 2019-10-09
  • 3.2.0 - 2019-09-30
  • 3.1.0 - 2019-09-19
  • 3.0.0 - 2019-09-11
  • 3.0.0-node12.1 - 2019-07-29
  • 3.0.0-beta.2 - 2019-07-12
  • 3.0.0-beta.1 - 2019-06-13
  • 2.30.0-beta.1 - 2019-08-12
  • 2.29.2 - 2019-08-14
  • 2.29.1 - 2019-07-11
  • 2.29.0 - 2019-07-03
  • 2.29.0-alpha.1 - 2019-05-29
  • 2.28.1 - 2019-06-03
  • 2.28.0 - 2019-05-22
  • 2.27.0 - 2019-05-15
  • 2.27.0-rc.3 - 2019-05-10
  • 2.27.0-rc.2 - 2019-05-09
  • 2.26.1 - 2019-04-12
  • 2.26.0 - 2019-04-04
  • 2.25.0 - 2019-03-12
  • 2.24.0 - 2019-02-27
  • 2.23.0 - 2019-02-01
from realm GitHub release notes

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
