[Snyk] Upgrade underscore from 1.9.1 to 1.13.6 #8

Open
wants to merge 1 commit into base: master

@snyk-io snyk-io bot commented May 21, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade underscore from 1.9.1 to 1.13.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 18 versions ahead of your current version.

  • The recommended version was released 2 years ago, on 2022-09-23.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 233/1000. Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0132, Social Trends: No, Days since published: 1149, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.97, Score Version: V5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: underscore
  • 1.13.6 - 2022-09-23

    Hotfix after 1.13.5 to remove postinstall script

  • 1.13.5 - 2022-09-23

    Patch to add exports.require.module, plus testing updates

  • 1.13.4 - 2022-06-02

    Patch release to address WebPack module federation issue

  • 1.13.3 - 2022-04-23

    Patch release with improved compatibility with ExtendScript

  • 1.13.2 - 2021-12-16

    Underscore 1.13.2 -- minor bugfixes and improved documentation

  • 1.13.1 - 2021-04-15

    Restores the underscore.js UMD alias to git

  • 1.13.0 - 2021-04-09

    Node.js native ESM support in main release stream, docs updates

  • 1.13.0-3 - 2021-03-31

    Preview release that adds the "module" exports condition

  • 1.13.0-2 - 2021-03-15

    Preview of 1.13.0 with security fix from 1.12.1

  • 1.13.0-1 - 2021-03-11
  • 1.13.0-0 - 2021-03-10
  • 1.12.1 - 2021-03-15

    Security fix in _.template and restored optimization in _.debounce.

  • 1.12.0 - 2020-11-24
  • 1.11.0 - 2020-08-28
  • 1.10.2 - 2020-03-30
  • 1.10.1 - 2020-03-30
  • 1.10.0 - 2020-03-30
  • 1.9.2 - 2020-01-06
  • 1.9.1 - 2018-05-31
from underscore GitHub release notes
Commit messages
Package name: underscore
  • e8f86fb Add changelog entry for version 1.13.6
  • 43e827a Bump the version to 1.13.6 (hotfix)
  • 1c1d1a2 Remove patch-package postinstall script
  • 66ee70d Verify that production and doc builds still work in CI
  • 68e5eb6 Update generated sources, tag 1.13.5 release
  • 08cb140 Work around docco build problem using patch-package
  • 5ac6628 Merge pull request #2966 from jgonggrijp/prepare-1.13.5
  • bef7ee3 Add a change log entry for 1.13.5
  • c47566a Bump the version to 1.13.5
  • 89b32a6 Add a module entry to the require exports condition
  • 7459b8d Merge pull request #2965 from jgonggrijp/upgrade-sauce
  • 6d93d6f Reorganize test scripts to avoid rollup config coverage report
  • f238610 Test LTS Node.js versions in CI
  • c444277 Upgrade nyc and coveralls to latest
  • 78daa14 Run npm audit fix
  • cb353dd Upgrade karma-qunit
  • ea95e52 Upgrade karma{,-sauce-launcher} devDeps, lockfile as side effect
  • a15d1af Update generated files, tag 1.13.4 release
  • 979dfc4 Merge branch 'prepare-1.13.4'
  • fcb149d Add a change log entry for 1.13.4
  • cf6ed6f Bump the version to 1.13.4
  • 75d257f Merge pull request #2959 from petschki/module-federation-version
  • 46d77d3 Fix for webpack module federation "No version" error
  • da06656 Merge pull request #2956 from zackschuster/patch-1



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

See this package in npm:
underscore

See this project in Snyk:
https://app.snyk.io/org/hawthorne001/project/eb2dddbe-4328-4405-9c8a-3c060c19a650?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr