Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade cheerio from 0.19.0 to 0.20.0 #6

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-CSSWHAT-3035488
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: cheerio The new version differs by 56 commits.
  • c3ec1cd Release 0.20.0
  • ef848ca Add coveralls badge, remove link to old report
  • dbcbe90 Merge pull request #808 from leifhanack/lodash4
  • c04ead1 Merge pull request #668 from rwaldin/prop-method
  • b5531bb Merge pull request #671 from twolfson/dev/fallback.select.content.sqwished
  • 9d98bd7 Merge pull request #704 from Rycochet/master
  • 1b9c5c9 Merge pull request #797 from Delgan/641-appendTo_prependTo
  • b12cbe8 Update lodash dependeny to 4.1.0
  • 8c9b2e0 Merge pull request #796 from Delgan/fix_780
  • b09db31 Fix PR #726 adding 'appendTo()' and 'prependTo()'
  • ce8829d Added appendTo and prependTo with tests #641
  • 4779762 Fix #780 by changing options context in '.find()'
  • 8dc1cc9 Add an unit test checking the query of child
  • b27bed6 fix #667: attr({foo: null}) removes attribute foo, like attr('foo', null)
  • 70c5608 Include reference to dedicated "Loading" section
  • fa70a84 Added load method to $
  • 4e8483a update css-select to 1.2.0
  • 5f2777a Merge pull request #732 from jugglinmike/reinstate-toarray
  • 106e42a Merge pull request #776 from dYale/master
  • 97149d3 Fixing Grammatical Error
  • a1367ee Merge pull request #739 from TrySound/npm-files
  • 6c73b7a Merge pull request #773 from JaKXz/patch-1
  • 48bb22d Test against node v0.12 --> v4.2
  • ec2414d Correct output in example

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-CSSWHAT-3035488
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant