Skip to content

[Snyk] Security upgrade ajv from 6.12.2 to 6.12.3 #253

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 21, 2020
Merged

[Snyk] Security upgrade ajv from 6.12.2 to 6.12.3 #253

merged 1 commit into from
Jul 21, 2020

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AJV-584908		 No No Known Exploit
Commit messages
Package name: ajv The new version differs by 53 commits.
  • 521c3a5 6.12.3
  • bd7107b Merge pull request #1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
  • 9c26bb2 Merge pull request #1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
  • c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
  • 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
  • d6aabb8 test: remove node 8 from travis test
  • c4801ca Merge pull request #1242 from ajv-validator/refactor
  • 988982d ignore proto properties
  • f2b1e3d whitespace
  • 65e3678 Merge pull request #1239 from GrahamLea/patch-1
  • 68d72c4 update regex
  • 9c009a9 validate numbers in multipleOf
  • 332b30d Merge pull request #1241 from ajv-validator/refactor
  • 1105fd5 ignore proto properties
  • 65b2f7d validate numbers in schemas during schema compilation
  • 24d4f8f remove code post-processing
  • fd64fb4 Add link to CSP section in Security section
  • 0e2c346 Add Contents link to CSP section
  • c581ff3 Clarify limitations of ajv-pack in README
  • 0006f34 Document pre-compiled schemas for CSP in README
  • 140cfa6 Merge pull request #1238 from cvlab/patch-1
  • e7f0c81 Fix mistype in README.md
  • 54c96b0 Bump eslint from 6.8.0 to 7.3.1
  • 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot @lholmquist
fix: package.json & package-lock.json to reduce vulnerabilities
80e01ea 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908

Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
@lholmquist lholmquist force-pushed the snyk-fix-55521e643ff5c1cf7ec0f60bc39d7b7a branch from fd8bd76 to 80e01ea Compare July 17, 2020 13:01
@lance lance merged commit 2ed5f84 into master Jul 21, 2020
@lance lance mentioned this pull request Jul 24, 2020
Closed
@lance lance deleted the snyk-fix-55521e643ff5c1cf7ec0f60bc39d7b7a branch August 12, 2020 16:13
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@lholmquist lholmquist lholmquist approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@snyk-bot @lholmquist @lance