Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #29

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #29

wants to merge 1 commit into from

Conversation

baby636
Copy link
Owner

@baby636 baby636 commented Apr 17, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt-browserify The new version differs by 23 commits.
  • afa393c Changelog, bump version to 5.1.0
  • 4718295 Housekeeping: update dependencies + dates.
  • 4f96beb Merge pull request #392 from gaurav21r/patch-1
  • 2233e43 Update browserify to 14.1.0 to support async / await
  • 8c30159 Remove the call for maintainers.
  • cda0b5f Merge pull request #379 from mrmartineau/patch-1
  • e152c57 Fixes broken issue links
  • b26e20f 5.0.0
  • 76537ce adds 5.0 changelog
  • 2e9680c Merge pull request #378 from Sjors/browserify-13
  • ace5e1f Merge pull request #358 from jeron-diovis/fix_watchify_for_mac_os
  • 2d41265 Merge pull request #319 from tleunen/patch-transform
  • f58b406 removes linting in the test to fix a jshint issue about strict usage
  • e7f1d7d changes github url to links
  • 8482e8a Allow Browserify 13
  • a5f6c08 Add a call for maintainers
  • c2d2a25 Merge pull request #372 from ntwb/update-dependencies
  • 6251c5c Update dependencies
  • 08d7416 Merge pull request #371 from ntwb/patch-1
  • 4bffe69 Update Travis CI to test NodeJS v4.x.x and v5.x.x
  • 9e1ef01 Enable "uodate" event emitting for MacOS
  • f310895 fixed tests
  • 5c9d2df browserify supports to receive an array for transform and plugin

See the full diff

Package name: grunt-contrib-uglify The new version differs by 33 commits.
  • d7704c4 v0.11.1
  • c129bf6 Merge pull request #377 from avdg/fix-screw-ie8-option-crash
  • d74556f Merge pull request #387 from joeldenning/patch-1
  • 758b7d5 Merge branch 'master' of github.com:gruntjs/grunt-contrib-uglify
  • 92c84c8 Point main to task
  • 0b00c0b Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
  • 52cc6ae Merge pull request #388 from swarajgiri/bump-dependencies
  • 2ff0283 Update lodash, maxmin and dev dependencies
  • 6352022 Improve documentation for conditional compilation
  • a6dd1cb Merge pull request #386 from ramswaroop/master
  • f3c4592 Update README.md
  • ea77dde Merge pull request #375 from jrhite/master
  • 63279df Update copyright to 2016
  • 71bf6f5 Merge branch 'master' of https://github.com/vibornoff/grunt-contrib-uglify into fix-screw-ie8-option-crash
  • be7de43 CI: Remove node.js '0.12' and add '5'.
  • 8578547 add handling of mangle_properties regex option in uglifyjs
  • 1deb3be v0.11.0
  • 13e95a2 Bump uglify-js to v2.6.0.
  • 17ee505 Revert "Do not use "^" versions, ever, use ~"
  • 2562bb2 v0.10.1
  • 326f932 Merge pull request #369 from Rialgar/patch-1
  • 7276245 Do not use "^" versions, ever, use ~
  • b8bd228 v0.10.0
  • e47d9e1 Merge pull request #361 from UltCombo/patch-1

See the full diff

Package name: grunt-karma The new version differs by 31 commits.
  • aab923d chore: release v3.0.0
  • 02400ab chore: Update contributors
  • b5afebd Merge pull request #263 from karma-runner/data-files
  • 01e916c chore(refactor): simplify data.files creation
  • 0174ca8 chore: add test for flattened 'files' option and clean up code (#262)
  • a5a2fc0 chore: match order between task definition and execution
  • 19551fd fix(deps): Update test to use karma 3.0.0
  • d7dad1e chore(deps): update eslint to version 5.4.0
  • bc53ead chore: Remove unused 'pkgFile' from gruntfile.js
  • 26626b7 chore: make travis and local 'npm test' do the same
  • b7f3048 chore(package): update mocha to version 3.4.2
  • 1182766 fix(deps): update lodash version to address npm audit warning
  • 60373bc chore: add a Git .mailmap with my new name
  • d33f70e chore(travis): update Node versions tested
  • 9314248 fix: ensure proper path format
  • 01cf310 chore(deps): fix peerDependency on Grunt to include v1.x.
  • 38236eb Merge pull request #194 from gnail/patch-1
  • 33386b3 fix: Remove hardcoded useIframe & captureConsole opts
  • c7a27c2 Merge pull request #193 from karma-runner/upgrade
  • a911ca1 feat: upgrade dependencies
  • afb752f chore: release v2.0.0
  • 13ffaab chore: Update contributors
  • e81dc13 Merge pull request #189 from ValentinH/handle-base-path-in-preprocessors
  • e31195a Merge pull request #190 from MikeDimmickMnetics/background-use-client-send

See the full diff

Package name: karma The new version differs by 250 commits.
  • db41e8e chore: release v2.0.0
  • 0a1a8ef chore: update contributors
  • 1afcb09 chore: add yarn.lock
  • f64e1e0 Merge pull request #2899 from outsideris/fix-bad-url-in-stacktrace
  • 78ad12f refactor(server): move compile step to first run
  • 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
  • b53929a Merge pull request #2712 from macjohnny/patch-1
  • c9e1ca9 feat: better string representation of errors
  • 10fac07 Merge pull request #2885 from karma-runner/prep-2
  • 00e3f88 chore: remove yarn.lock for now
  • 60dfc5c feat: drop core-js and babel where possible
  • 0e1907d test: improve linting and fix test on node 4
  • af0efda test(e2e): update cucumber step definitions
  • c3ccc5d chore(ci): focus on even node versions
  • bf25094 chore(deps): update to latest
  • d93cc5f docs(config): Document port collision scenario.
  • 871d46f feat(launcher): trim whitespace in browser name
  • 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 7bd54ed Merge pull request #2890 from reda-alaoui/patch-1
  • 91e916a docs(config): Document port collision scenario.
  • 334f9fb feat(launcher): trim whitespace in browser name
  • e23c0d4 Merge pull request #2837 from JakeChampion/logs
  • a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 6d353dc docs: improve comments in config.tpl.*

See the full diff

Package name: karma-ie-launcher The new version differs by 22 commits.
  • 5a597b2 chore: release v1.0.0
  • 85e44b0 chore: update contributors
  • 0e4a963 chore(version): make a valid version # to bump :)
  • f7556ab chore(release): fixup version bump
  • 7b7bdcc chore: update contributors
  • 7f6c176 chore(conventional): use conventional releaser/changelog
  • 8899954 use conventional changelog/releaser
  • 018ba8a chore: release v2.0.0
  • ba5a164 chore: update contributors
  • 932063f chore: update contributors
  • 5ad633f chore(1.0): version bump to 1.0
  • 84cb483 Merge pull request #40 from ITGlobal/master
  • 7f6bf20 chore: tweak supported node.js versions
  • cd66ee2 fix: travis
  • 68c0920 fix: travis
  • 51a1b9b chore: use node 5 only on travis
  • 0f584d9 fix: travis
  • 9ecd12d chore: upgrade .travis.yml
  • 53c37d0 chore: add JetBrains WebStorm IDE files to gitignore
  • b81b643 chore: add universal editor config
  • 4fe4e47 refactor: fix eslint errors
  • ca53e9a chore: upgrade all npm packages

See the full diff

Package name: karma-phantomjs-launcher The new version differs by 28 commits.
  • eb0ca03 chore: release v1.0.4
  • 895fb86 fix: windows pathing
  • 00c3321 chore: release v1.0.3
  • c342607 chore: update contributors
  • db7ebc3 chore: add yarn.lock
  • fe013cd Merge pull request #131 from leightarasenko/master
  • 482eba5 fix: path issue with phantomjs and phantomjs-prebuilt
  • 9c56c0f chore: release v1.0.2
  • 5938221 chore: update contributors
  • fb11f35 Merge pull request #127 from enterit/binary-path-fix
  • faa7474 fix: incorrect phantomjs path calculation
  • f9e2de3 chore: release v1.0.1
  • 33b3421 chore: update contributors
  • 215bf0e Merge pull request #123 from joelmukuthu/master
  • 9ae8ada chore: add phantomjs-prebuilt to dependencies
  • 9b0f5e3 fix(version-reset): set version back to 1.0
  • 1b98e4c chore: release v2.0.0
  • a6da030 chore: update contributors
  • 4dec36d chore(1.0): version bump to 1.0
  • 22622e4 chore: release v1.0.0
  • 45807be chore: update contributors
  • 950292f Merge pull request #99 from shinnn/lodash
  • 9167041 Merge pull request #98 from shinnn/rename
  • 2a03f46 Merge pull request #100 from shinnn/ci

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
5db5379 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@baby636 @snyk-bot