Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade snyk from 1.413.3 to 1.425.4 #200

Merged
merged 1 commit into from
Nov 25, 2020
Merged

[Snyk] Security upgrade snyk from 1.413.3 to 1.425.4 #200

merged 1 commit into from
Nov 25, 2020

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 544/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.3		 Prototype Pollution
SNYK-JS-Y18N-1021887		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk The new version differs by 96 commits.
  • 80b5a4d Merge pull request #1524 from snyk/chore/bump-snyk-config-test
  • 16d5ab6 fix: use snyk-config version v4.0.0-rc.2
  • 312ca91 Merge pull request #1516 from snyk/fix/dont-create-json-if-you-dont-need-it
  • f6d7217 fix: don't create JSON if we don't need it
  • f075a13 Merge pull request #1515 from bgeveritt-snyk/fix/nuget-diff-target-monikers
  • f07878d Merge pull request #1519 from snyk/fix/handle-poetry-dependencies-with-underscores
  • 18905cc fix: up python plugin version to autoresolve dependencies w/ underscores
  • 17c5e42 Merge pull request #1517 from snyk/feat/empty-manifest-graceful-error
  • b441582 feat: bump python plugin version to include graceful fail when no deps
  • 7012caa fix: add json module with jsonStringifyLargeObject
  • b8eab37 fix: bump nuget plugin to fix diff target monikers
  • 8b14d00 Merge pull request #1512 from snyk/fix/k8s-object-requirements
  • bb7efaf fix: remove spec requirement
  • 50ec62d Merge pull request #1513 from snyk/refactor/iac-owenrship
  • 8375bf7 refactor: fix iac codeowners
  • 90b61dd Merge pull request #1508 from snyk/fix/improve-error-message-for-scanning-an-image-that-doesnt-exist
  • a5ccb25 fix: Improve error message for scanning an image that doesn't exist
  • 47189a5 Merge pull request #1509 from snyk/DC-998/fix-headers-docker-desktop
  • 32f23aa Merge pull request #1502 from snyk/smoke/docker-root
  • 27b838e fix: incorrect header sent for Docker Desktop requests
  • cb5beb9 Merge pull request #1507 from snyk/fix/support-globs-pattern-yarn-workspaces
  • 5554acf fix: support globs pattern in yarn workspaces definitions
  • c095596 test(smoke): scenario where root user installing Snyk
  • 4f4936d Merge pull request #1504 from snyk/feat/add-jar-scanning-inside-container

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot snyk-bot requested a review from badsyntax as a code owner November 24, 2020 06:28
@badsyntax badsyntax merged commit 6034273 into master Nov 25, 2020
@badsyntax badsyntax deleted the snyk-fix-8773795c15a12f8ec1b845522be0e246 branch November 25, 2020 09:56
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@badsyntax badsyntax Awaiting requested review from badsyntax badsyntax is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @badsyntax