Skip to content
This repository has been archived by the owner on Jul 5, 2022. It is now read-only.

[Snyk] Fix for 2 vulnerabilities #39

Open
wants to merge 1 commit into
base: staging
Choose a base branch
from

Conversation

jahil-khalfe
Copy link
Owner

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
Yes Proof of Concept
high severity 753/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2
Command Injection
SNYK-JS-LODASH-1040724
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: babel-eslint The new version differs by 43 commits.

See the full diff

Package name: babel-loader The new version differs by 26 commits.
  • 321852e Merge branch 'release/6.0.0'
  • e7565ee Add @ malyw 's guide to upgrade babel
  • 862b7b1 Update travis badge url
  • ff3bc7a Update dependencies.
  • fc2bfe4 Merge branch 'shinnn-travis-ci' into develop
  • a6f3fc0 Change options to query. Increase timeout interval
  • 94d6308 Merge remote-tracking branch 'werk85/master' into develop
  • f4e40c5 README updated
  • 0823f6a Upgraded to Babel 6
  • bb110a8 set up Travis CI
  • 5992650 5.3.3
  • f723509 pin babel-core version in peerDependencies as it'll try and install babel 6...
  • f299837 Merge pull request Update bonfires.json freeCodeCamp/freeCodeCamp#87 from jhnns/patch-1
  • 17c7860 Clarify note on deprecated peerDependencies
  • f84ef50 Merge branch 'develop' of github.com:babel/babel-loader into develop
  • 9f117b5 Bump version. Update CHANGELOG.md
  • dc66b2a Don't override existing items in sourcesContent if any
  • 719eb70 Merge branch 'hotfix/5.3.1' into develop
  • 342375d Merge branch 'hotfix/5.3.1'
  • edf2bc3 Bump version. Update changelog
  • 9fe6bbc Fix for 'Module build failed: TypeError: Object.keys called on non-object'
  • 6b33020 Merge branch 'release/5.3.0' into develop
  • e22df89 Merge branch 'release/5.3.0'
  • 0156f51 Bump version and update CHANGELOG.md

See the full diff

Package name: cheerio The new version differs by 106 commits.

See the full diff

Package name: sanitize-html The new version differs by 7 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
2 participants