[Snyk] Upgrade mssql from 6.2.1 to 6.3.2

[snyk-bot]

Snyk has created this PR to upgrade mssql from 6.2.1 to 6.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-05-13.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	270/1000 Why? CVSS 5.4	No Known Exploit
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	270/1000 Why? CVSS 5.4	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mssql

• 6.3.2 - 2021-05-13
  

  [fix] Bump various dependencies for security fixes

• 6.3.1 - 2021-01-01
  

  [fix] Ensure line endings are unix style (LF)

• 6.3.0 - 2020-12-14
• 6.2.3 - 2020-09-25
• 6.2.2 - 2020-09-18
• 6.2.1 - 2020-07-22

from mssql GitHub release notes

Commit messages

Package name: mssql

• 6fe5d50 6.3.2
• 187232c Merge branch '5' into 6
• 921fc4a v5.1.5
• 8be3486 Bump deps
• f60374b Merge pull request OpenId Support nextauthjs/next-auth#1201 from dhensby/pulls/6/dep-bump
• d5f6c31 Merge branch '5' into pulls/6/dep-bump
• d24745b Merge pull request Feature/openid account linking nextauthjs/next-auth#1200 from dhensby/pulls/dep-bump
• 671362a Bump outdated deps
• 375419b 6.3.1
• 6686c45 Merge branch '5' into 6
• 01bc08f changelog
• 38096d8 5.1.4
• 41abc02 Merge branch '5' into 6
• acb84e1 Ensure lf line endings in files
• e45c0ae 6.3.0
• 49cce56 Update changelog
• 1d9ac35 Bump dependencies
• 9b67024 Merge pull request chore: update dep typeorm to latest v0.2.24 nextauthjs/next-auth#1145 from dhensby/pulls/6/msnode-termination
• 9258e72 Handle issue where queries can be terminated before all the errors come through
• bb69fd4 Update changelog v6.3.0
• 3d8c4fa Merge pull request How to use next-auth api endpoints (signin/signout) from a mobile app nextauthjs/next-auth#1110 from dhensby/pulls/msnodesql-v1
• ca0144b Merge pull request How do you handle only the logout redirect? nextauthjs/next-auth#1138 from mastodon0/geo-parsing
• b6c0e12 fix geography v2 parsing
• 8d57a01 Merge pull request Session undefined upon initial login nextauthjs/next-auth#1130 from mtriff/6

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
b96c2060-c4e8-11eb-9c52-0b7e2a1d8d33

[guardrails]

⚠️ We detected 8 security issues in this pull request:

Mode: paranoid | Total findings: 8 | Considered vulnerability: 8

Vulnerable Libraries (8)

Severity	Details
Medium	[email protected] upgrade to >4.16.4
Medium	[email protected] upgrade to >=6.5.4
Critical	[email protected] upgrade to >=4.7.7
Medium	[email protected] upgrade to `>=2.8.9
High	[email protected] upgrade to >=4.17.21
Medium	[email protected] upgrade to `>6.0.1
Medium	[email protected] upgrade to >7.4.5
High	[email protected] upgrade to >=5.0.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.