[Snyk] Upgrade amqplib from 0.5.6 to 0.10.0 #21

snyk-bot · 2022-06-24T01:13:29Z

Snyk has created this PR to upgrade amqplib from 0.5.6 to 0.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 7 versions ahead of your current version.
The recommended version was released 21 days ago, on 2022-06-02.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Improper Input Validation SNYK-JS-URLPARSE-2407770	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
Open Redirect SNYK-JS-URLPARSE-1533425	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: amqplib

0.10.0 - 2022-06-02
0.10.0
0.9.1 - 2022-05-22
0.9.0 - 2022-05-09
0.9.0
0.8.0 - 2021-05-19
⚠️ This release drops support for NodeJS < v10 ⚠️. This version of amqplib still works with NodeJS v0.6 through v16, but future versions will not be tested for compatibility with NodeJS < v10.

This is to unlock other improvements that can now be made, like
- using the built-in Promise object
- updating or switching libraries that previously couldn't be updated, because they had dropped support for older NodeJS
- removing code that is now covered in the standard library, e.g., checking whether a number is an integer
This release also includes an improvement to TLS connections for people using an AMQP server behind a load balancer. amqplib will now copy the hostname of the connection URL or object to the server name indication field.
0.7.1 - 2021-03-08
Merge pull request #609 from squaremo/release-0.7.1

Bump version and changelog for v0.7.1
0.7.0 - 2021-02-22
This minor version release extends support to Node.js v15.
0.6.0 - 2020-07-15
Tag for version 0.6.0
0.5.6 - 2020-05-14
- Fix to muxing (#503)
- Increase the encoding scratch buffer size (#545)

from amqplib GitHub release notes

Commit messages

Package name: amqplib

fd93de3 0.10.0
1112257 Update CHANGELOG
5f621ad Merge branch 'mohd-akram-native-promise'
d090310 Address review comments
f7a8ee1 Use native promises
8f5f328 0.9.1
7e4910c Add version to changelog
aa46d76 update changelog
a620933 Merge pull request #659 from Uzlopak/unregisterConsumer-on-handleCancel
2bd36da update changelog
a4c308c Merge branch 'Uzlopak-use-Map-instead-of-Object-Dictionary'
ce5a9d9 Merge branch 'use-Map-instead-of-Object-Dictionary' of https://github.com/Uzlopak/amqp.node into Uzlopak-use-Map-instead-of-Object-Dictionary
9e496dd Revert "Merge pull request #661 from Uzlopak/code-smells-throw-errors"
691568c Merge pull request #661 from Uzlopak/code-smells-throw-errors
7c3de5d Update changelog
8dfbe76 Merge pull request #658 from Uzlopak/optimize-Mux-array-concat
8dd9862 Update README with more recent node version
10b940f Update links in package.json
3c13866 Make README examples more consistent
4825108 Merge pull request #477 from renarsvilnis/patch-1
02ab0a3 Add troubleshooting link to the readme
a5cbb66 Add readme badges
290394f Merge pull request #687 from amqp-node/issue-686
65f3e8c Test against recent node versions