Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade depcheck from 1.4.5 to 1.4.7 #196

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade depcheck from 1.4.5 to 1.4.7 #196

wants to merge 1 commit into from

Conversation

ropable
Copy link
Member

@ropable ropable commented Oct 18, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • boranga/frontend/boranga/package.json
    • boranga/frontend/boranga/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
critical severity 751/1000
Why? Recently disclosed, Has a fix available, CVSS 9.3		 Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: depcheck The new version differs by 29 commits.
  • b180e2e Merge pull request #843 from legobeat/deps-babel
  • e64e59b bump babel packages to latest
  • b83d38b Merge pull request #836 from dobesv/import-mappings
  • af34e35 Support package.json subpath imports
  • 23b78f0 Merge pull request #835 from seansfkelley/quiet-empty-line
  • 28d8026 --quiet: don't print an empty line if nothing to report
  • 87c35db Merge pull request #801 from legobeat/chore-bump-deps
  • 71faa85 deps: minimatch@^3.0.7->^7.4.6
  • bef30f7 deps: minor/patch bumps
  • 586fd2d apply `npm dedupe`
  • 07392c5 deps: cosmiconfig@^7.0.0->^7.1.0
  • 5617593 npm dedupe
  • 8cb1d91 npm audit fix
  • e45b32a Update changelog
  • 381fa30 Merge pull request #826 from miluoshi/tsconfig-jsonc
  • 72bb511 Merge pull request #827 from miluoshi/sass-refactored
  • d24d28f Merge pull request #830 from dobesv/scoped-package-bin-no-key-fixup
  • c64c3e5 Merge pull request #831 from dobesv/jest-projects
  • d07d214 Merge pull request #834 from jtbandes/jacob/explicitResourceManagement
  • 2687939 Add explicitResourceManagement
  • fa8c49e Support projects field in jest configuration
  • acb6fdd Handle scoped package bin with default name
  • 3ae0c5e Merge pull request #829 from openam/quiet-flag
  • 9bb4931 feat: add --quiet flag to suppress No depcheck issue messages

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: boranga/frontend/boranga/package.json & boranga/frontend/boranga…
3aa709c 
…/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ropable @snyk-bot