Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #39

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

bbojda
Copy link

@bbojda bbojda commented Apr 15, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 170/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5
Prototype Pollution
SNYK-JS-LODASH-6139239
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt-browserify The new version differs by 23 commits.
  • afa393c Changelog, bump version to 5.1.0
  • 4718295 Housekeeping: update dependencies + dates.
  • 4f96beb Merge pull request #392 from gaurav21r/patch-1
  • 2233e43 Update browserify to 14.1.0 to support async / await
  • 8c30159 Remove the call for maintainers.
  • cda0b5f Merge pull request #379 from mrmartineau/patch-1
  • e152c57 Fixes broken issue links
  • b26e20f 5.0.0
  • 76537ce adds 5.0 changelog
  • 2e9680c Merge pull request #378 from Sjors/browserify-13
  • ace5e1f Merge pull request #358 from jeron-diovis/fix_watchify_for_mac_os
  • 2d41265 Merge pull request #319 from tleunen/patch-transform
  • f58b406 removes linting in the test to fix a jshint issue about strict usage
  • e7f1d7d changes github url to links
  • 8482e8a Allow Browserify 13
  • a5f6c08 Add a call for maintainers
  • c2d2a25 Merge pull request #372 from ntwb/update-dependencies
  • 6251c5c Update dependencies
  • 08d7416 Merge pull request #371 from ntwb/patch-1
  • 4bffe69 Update Travis CI to test NodeJS v4.x.x and v5.x.x
  • 9e1ef01 Enable "uodate" event emitting for MacOS
  • f310895 fixed tests
  • 5c9d2df browserify supports to receive an array for transform and plugin

See the full diff

Package name: grunt-contrib-jasmine The new version differs by 17 commits.
  • 201bb2a Release v2.0.3
  • 9b18221 Upgrade npm dependencies
  • d0e2572 fix: build only should pass if the buildSpecrunner runs without error
  • 74855ed Update dependencies
  • d65dd20 v2.0.2
  • d7f652f Fix typo
  • 55a5f1f Wait for spec runner before larunching browser
  • 408a233 Set the startTime before calling sendMessage
  • a30f731 Create new optional 'noSandbox' option to launching Puppeteer with no-sandbox arg.
  • a88f31b Launching Puppeteer with no-sandbox arg.
  • de29770 v2.0.1
  • a71cc54 Use the grunt current working directory to find the jasmine core folder (#277)
  • f3c320c Deals with #274 (#275)
  • a21b0b1 Implement options.version (#273)
  • 7d3dbdc update template usage (#272)
  • 51feacb Update deps (#271)
  • 02e72f3 Switch from PhantomJS to Chrome Headless via Puppeteer (#269)

See the full diff

Package name: grunt-contrib-uglify The new version differs by 33 commits.
  • d7704c4 v0.11.1
  • c129bf6 Merge pull request #377 from avdg/fix-screw-ie8-option-crash
  • d74556f Merge pull request #387 from joeldenning/patch-1
  • 758b7d5 Merge branch 'master' of github.com:gruntjs/grunt-contrib-uglify
  • 92c84c8 Point main to task
  • 0b00c0b Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
  • 52cc6ae Merge pull request #388 from swarajgiri/bump-dependencies
  • 2ff0283 Update lodash, maxmin and dev dependencies
  • 6352022 Improve documentation for conditional compilation
  • a6dd1cb Merge pull request #386 from ramswaroop/master
  • f3c4592 Update README.md
  • ea77dde Merge pull request #375 from jrhite/master
  • 63279df Update copyright to 2016
  • 71bf6f5 Merge branch 'master' of https://github.com/vibornoff/grunt-contrib-uglify into fix-screw-ie8-option-crash
  • be7de43 CI: Remove node.js '0.12' and add '5'.
  • 8578547 add handling of mangle_properties regex option in uglifyjs
  • 1deb3be v0.11.0
  • 13e95a2 Bump uglify-js to v2.6.0.
  • 17ee505 Revert "Do not use "^" versions, ever, use ~"
  • 2562bb2 v0.10.1
  • 326f932 Merge pull request #369 from Rialgar/patch-1
  • 7276245 Do not use "^" versions, ever, use ~
  • b8bd228 v0.10.0
  • e47d9e1 Merge pull request #361 from UltCombo/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants