Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 2 vulnerabilities #338

Merged
merged 1 commit into from
Sep 9, 2020
Merged

[Snyk] Fix for 2 vulnerabilities #338

merged 1 commit into from
Sep 9, 2020

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Sep 3, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-DOTPROP-543489		 Yes Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS )
SNYK-JS-MARKED-584281		 No No Known Exploit
Commit messages
Package name: typedoc The new version differs by 20 commits.
  • 5b3e56b chore: Bump version to 0.18.0
  • 14eb245 chore: Upgrade dependencies
  • cce8bf6 Merge remote-tracking branch 'origin/fix/1263'
  • 2f8d295 BREAKING CHANGE: Bump minimum node version to 10
  • a0a8f14 chore(deps): bump lodash from 4.17.15 to 4.17.19
  • 021261c chore: Fix lint
  • 23482c5 chore: Rebuild renderer test
  • 7fc721c fix: Improve support for type aliases
  • f582eb3 fix: Examples don't run (#1327)
  • ea1cdcb chore: Fix invalid renderer test failure
  • 82a7e76 chore: Update rendered specs
  • 471d36e chore: Bump version to 0.17.8
  • 7b54288 Merge branch 'master' of https://github.com/TypeStrong/typedoc
  • c7eabf7 fix: Use `baseUrl` to determine file paths (#1313)
  • d704709 fix: Support resolveJsonModule
  • e553af2 fix: Do not ignore the properties of object type literals (#1308)
  • 30fab7a fix: GithubPlugin: read correct remote when multiple github repos exist
  • 48090b7 chore: Add note about ignoreCompilerErrors
  • 4decfbe chore: Fix lint
  • 5878278 fix: Only set inputFiles from tsconfig if not already set

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot @lholmquist
fix: package.json & package-lock.json to reduce vulnerabilities
e756713 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DOTPROP-543489
- https://snyk.io/vuln/SNYK-JS-MARKED-584281

Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
@lholmquist lholmquist force-pushed the snyk-fix-dbba5cd39be2508a4d896bb02b1546ae branch from ac003b6 to e756713 Compare September 8, 2020 23:22
@lance lance merged commit eca43d9 into main Sep 9, 2020
@lance lance deleted the snyk-fix-dbba5cd39be2508a4d896bb02b1546ae branch September 9, 2020 13:46
@lholmquist lholmquist mentioned this pull request Oct 26, 2020
Closed
@lholmquist lholmquist mentioned this pull request Dec 11, 2020
Merged
This was referenced Dec 24, 2020
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lholmquist lholmquist lholmquist approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@snyk-bot @lholmquist @lance