[Snyk] Fix for 12 vulnerabilities #6269
Open: admin-token-bot wants to merge 276 commits into v8.0 from snyk-fix-075bd5f6f41c03e33bcf61c15777c0a6
* DOCSP-35612: Update release date * DOCSP-35612: Update changelogs
* DOCSP-35634: Update release date * DOCSP-35634: Update changelogs * Update source/includes/changelogs/releases/6.0.13.rst Co-authored-by: ianf-mongodb <[email protected]> --------- Co-authored-by: ianf-mongodb <[email protected]>
* DOCSP-16072 doc for new Search Sequential Pagination attribute * Update source/includes/fact-meta-syntax.rst Co-authored-by: Jeff Allen <[email protected]> * DOCSP-16072 fix for broken link --------- Co-authored-by: Jeff Allen <[email protected]>
* 4.4.28 changelog & release notes * updated link
* add details about what executionTimeMillis includes * review suggestions * Address review suggestions * remove antiquated info
* DOCSP-27565-database-profiler-update * DOCSP-27565-database-profiler-update * DOCSP-27565-database-profiler-update * DOCSP-27565-database-profiler-update * DOCSP-27565-database-profiler-update * DOCSP-27565-database-profiler-update * DOCSP-27565-database-profiler-update --------- Co-authored-by: jason-price-mongodb <[email protected]>
* DOCSP-33391 Fixes filesystem snapshot text * Adds step to find a backup window * Reworks procedure for filesystem snapshot * Refactors filesystem backup * removes deprecated YAML * fixes build error * fixes build error * Fixes per Ian * Fixes per Ashley Co-authored-by: Ashley Brown <[email protected]> * Fixes per Ashley * Fixes per Ashley * Fixes build issues * Fixes per Nandini * Fixes per Nandini * Fixes spacing issue * Vale checks --------- Co-authored-by: Ashley Brown <[email protected]>
* DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error * DOCSP-27736-sql-error --------- Co-authored-by: jason-price-mongodb <[email protected]>
* (DOCSP-33844): Fix inaccuracy on tailable cursor doc * edit * IA template adjustments * add period * avoid 'dead' * reorder * typo * wording * review edits * wording adjustment
Co-authored-by: jason-price-mongodb <[email protected]>
* DOCSP-33515-shard-key-updates * DOCSP-33515-shard-key-updates * DOCSP-33515-shard-key-updates * DOCSP-33515-shard-key-updates * DOCSP-33515-shard-key-updates * DOCSP-33515-shard-key-updates * DOCSP-33515-shard-key-updates * DOCSP-33515-shard-key-updates --------- Co-authored-by: jason-price-mongodb <[email protected]>
* Empty-Commit * <phpmethod.MongoDB\Collection::find() * " * * * * * * * * * * * deleteMany() * * * * * * * updateOne() * updateMany() * insertMany() * * * deleteMany() * getInsertedId() one and many * * * * * createIndex() * getDeletedCount()
…5956) * (DOCSP-35370): Remove specific versions from Recommended Platforms * minimalism * remove extra footnote * remove 5.0 footnote * minimalism * review feedback
* DOCSP-35091-majority-write-concern-updates * DOCSP-35091-majority-write-concern-updates * DOCSP-35091-majority-write-concern-updates * DOCSP-35091-majority-write-concern-updates --------- Co-authored-by: jason-price-mongodb <[email protected]>
…links to TOC (#5957) * Adds release notes, changelog for 7.2.1; also adds missing changelog TOC links * Adds link
* DOCS-15725 adding link to security checklist * DOCS-15725 adding tag * DOCS-15725 fixing link
* DOCSP-35701-timeseries-updates * DOCSP-35701-timeseries-updates * DOCSP-35701-timeseries-updates * DOCSP-35701-timeseries-updates --------- Co-authored-by: jason-price-mongodb <[email protected]>
* (DOCSP-35335): Add maxConnecting setting for connection pools * formatting fix * add definition * wording * add context to changing maxConnecting * wording * note relationship with maxPoolSize * edit * address tech review comments * review edit * add definition for connection storm * wording * typo * more edits * edit * wording
* DOCSP-35889 Missing Redirect for First Array Element Operator * bump version boundary to 6.1+
* DOCSP-34511 clarify c field limitation * DOCSP-34511 clarify c field limitation
* DOCSP-32736-duplicate-minimum-oplog-section * DOCSP-32736: Removing duplicate information from introduction. * DOCSP-32736: Adding taxonomy tags. * DOCSP-32736: Fixing typo in referenced document, editorial suggestions. * Added period to list item for consistency.
* DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update * DOCS-16593-chunks-update --------- Co-authored-by: jason-price-mongodb <[email protected]>
Co-authored-by: jason-price-mongodb <[email protected]>
…5927) * DOCSP-35753-serverStatus-metric-stepDown-moved-to-stateTransaction * DOCSP-35753: Adding stateTransition object for replication stepDown info. Deprecating stepDown metric and linking to new object. * Empty-Commit * DOCSP-35753: Removing references to unsupported previous behavior. Added missing heading for lasteStateTransaction. Modified language per style guide. * DOCSP-35753: Fixing monospace issue. * DOCSP-35753: Typo fix * DOCSP-35753: Small editorial changes per feedback.
* DOCSP-35286 tlsUseSystemCA Parameter * typo * JA feedback
* DOCS-16601-appendOplogNote-updates * DOCS-16601-appendOplogNote-updates * DOCS-16601-appendOplogNote-updates * DOCS-16601-appendOplogNote-updates * DOCS-16601-appendOplogNote-updates * DOCS-16601-appendOplogNote-updates --------- Co-authored-by: jason-price-mongodb <[email protected]>
…ions and move to an include (#5597) * Update required permissions and move to an include * Simplify the permissions include * fix typo and formatting * add note about convention and move most to include
* Removed outdated include * Drafted note * Taxonomy tagging * Removed duplicate sentence
…713) * add note about coordinate limits for both 2d and 2dsphere indexes * add note about wrapping * update with info about overrides * no longer need a shared blob * final review suggestion
* DOCSP-37704 7.0.7 Release Notes * nit fix * revert 7.0 removal
* (DOCSP-31877): Remove circular definitions for clustered indexes and collections * edits * edit * review edits * wording * review edits * edits * typo * edits * tweak * tweak * edit
* DOCSP-36056 listSearchIndexes Visibility * build errors * atlas-first edit * adjust TOC + better highlight Atlas Search index methods
* DOCSP-37568 clarify options in sh.stopBalancer Documentation * DOCSP-37568 updates for MP's feedback * Update source/reference/method/sh.stopBalancer.txt Co-authored-by: ltran-mdb2 <[email protected]> * DOCSP-37568 updates for copy feedback --------- Co-authored-by: ltran-mdb2 <[email protected]>
* (DOCSP-26094): Clarify VMWare balloon recommendation * edits * present tense * edits * edits * edits * review feedback * review feedback
* add info about explain ignoring query plan * wording changes to be more accurate & clear
* DOCSP-37342 Configuration File CAFile Requirement * fixes * BM external feedback * BM edits
* DOCSP-32184 Update Time-Series Sharding Admin Commands * DOCSP-32184 Sharding Admin Commands on system.buckets * nit fix * AB feedback
* DOCSP-37695 5.0.26 Release Notes * build error * *
…-version (#6890) Co-authored-by: jason-price-mongodb <[email protected]>
….copyTo (#6889) * DOCSP-26062 modify redirect for manual/reference/method/db.collection.copyTo * DOCSP-26062 updates for JA's feedback
…nstances (#6900)
* DOCSP-37870 Edit Release Notes Top 5 * fix
* Add info about journal file drive space needs * review changes * refactor for clarity * drive space => disk space
* WIP * WIP * update snooty.toml * fix indentation * WIP * WIP * WIP * fix broken refs * review edits * more review edits * more review edits * edits * edit * nits * review edits * reorder table * mention top command * formatting * restructure * change heading levels * reorder * tweaks * add more Atlas tools * simplify * edits * wording * minimalism * final reorg * re-add db profiler * add link to db profiler page
* DOCSP-15802 add details to sample page * DOCS-15802 updates for review feedback * DOCS-15802 updates for copy feedback
… users (#6854) * DOCS-15127 Remove support for authentication as multiple simultaneous users * DOCS-15127 updates for AH's feedback
* DOCSP-27214-sharding-release-note * Editorial feedback per review. * Adding glossary ref to 6.1
* DOCSP-34751 Clarifies STARTUP2 vote * Fixes per Kaitlin
* add $match to coalesce section * rewording for clarity and fix formatting * updates from review * more rewording for clarity; rearrange explain output * review format changes * add note/link and (hopefully) fix code formatting * moar code formatting
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-3164749
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1086606
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-1088505
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-5750273
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570772
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-570773
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5811865
- https://snyk.io/vuln/SNYK-PYTHON-SPHINX-5812109
jeff-allen-mongo force-pushed the master branch from 6c15361 to 4431b10 on April 18, 2024 16:19
Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
By pinning:
| Issue | Package | Upgrade | Why? |
|---|---|---|---|
| SNYK-PYTHON-CERTIFI-3164749 | certifi | 2021.10.8 -> 2023.7.22 | Has a fix available, CVSS 6.8 |
| SNYK-PYTHON-CERTIFI-5805047 | certifi | 2021.10.8 -> 2023.7.22 | Has a fix available, CVSS 9.8 |
| SNYK-PYTHON-JINJA2-6150717 | jinja2 | 2.11.3 -> 3.1.3 | Has a fix available, CVSS 5.4 |
| SNYK-PYTHON-PYGMENTS-1086606 | pygments | 2.5.2 -> 2.15.0 | Proof of Concept exploit, Has a fix available, CVSS 7.5 |
| SNYK-PYTHON-PYGMENTS-1088505 | pygments | 2.5.2 -> 2.15.0 | Has a fix available, CVSS 7.5 |
| SNYK-PYTHON-PYGMENTS-5750273 | pygments | 2.5.2 -> 2.15.0 | Has a fix available, CVSS 5.3 |
| SNYK-PYTHON-REQUESTS-5595532 | requests | 2.27.1 -> 2.31.0 | Has a fix available, CVSS 6.1 |
| SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools | 40.5.0 -> 65.5.1 | Has a fix available, CVSS 5.9 |
| SNYK-PYTHON-SPHINX-570772 | sphinx | 1.8.6 -> 3.3.0 | Mature exploit, Has a fix available, CVSS 6.5 |
| SNYK-PYTHON-SPHINX-570773 | sphinx | 1.8.6 -> 3.3.0 | Mature exploit, Has a fix available, CVSS 6.3 |
| SNYK-PYTHON-SPHINX-5811865 | sphinx | 1.8.6 -> 3.3.0 | Proof of Concept exploit, Has a fix available, CVSS 5.3 |
| SNYK-PYTHON-SPHINX-5812109 | sphinx | 1.8.6 -> 3.3.0 | Proof of Concept exploit, Has a fix available, CVSS 5.3 |
(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.