Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 2 vulnerabilities #338

Merged
merged 1 commit into from
Sep 9, 2020
Merged

[Snyk] Fix for 2 vulnerabilities #338

merged 1 commit into from
Sep 9, 2020

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Sep 3, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-DOTPROP-543489		 Yes Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS )
SNYK-JS-MARKED-584281		 No No Known Exploit
Commit messages
Package name: typedoc The new version differs by 20 commits.
  • 5b3e56b chore: Bump version to 0.18.0
  • 14eb245 chore: Upgrade dependencies
  • cce8bf6 Merge remote-tracking branch 'origin/fix/1263'
  • 2f8d295 BREAKING CHANGE: Bump minimum node version to 10
  • a0a8f14 chore(deps): bump lodash from 4.17.15 to 4.17.19
  • 021261c chore: Fix lint
  • 23482c5 chore: Rebuild renderer test
  • 7fc721c fix: Improve support for type aliases
  • f582eb3 fix: Examples don't run (#1327)
  • ea1cdcb chore: Fix invalid renderer test failure
  • 82a7e76 chore: Update rendered specs
  • 471d36e chore: Bump version to 0.17.8
  • 7b54288 Merge branch 'master' of https://github.com/TypeStrong/typedoc
  • c7eabf7 fix: Use `baseUrl` to determine file paths (#1313)
  • d704709 fix: Support resolveJsonModule
  • e553af2 fix: Do not ignore the properties of object type literals (#1308)
  • 30fab7a fix: GithubPlugin: read correct remote when multiple github repos exist
  • 48090b7 chore: Add note about ignoreCompilerErrors
  • 4decfbe chore: Fix lint
  • 5878278 fix: Only set inputFiles from tsconfig if not already set

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot @lholmquist
fix: package.json & package-lock.json to reduce vulnerabilities
e756713 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DOTPROP-543489
- https://snyk.io/vuln/SNYK-JS-MARKED-584281

Signed-off-by: Lucas Holmquist <lholmqui@redhat.com>
@lholmquist lholmquist force-pushed the snyk-fix-dbba5cd39be2508a4d896bb02b1546ae branch from ac003b6 to e756713 Compare September 8, 2020 23:22
@lance lance merged commit eca43d9 into main Sep 9, 2020
@lance lance deleted the snyk-fix-dbba5cd39be2508a4d896bb02b1546ae branch September 9, 2020 13:46
@lholmquist lholmquist mentioned this pull request Oct 26, 2020
Closed
@lholmquist lholmquist mentioned this pull request Dec 11, 2020
Merged
This was referenced Dec 24, 2020
Merged
Merged
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@lholmquist lholmquist lholmquist approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@snyk-bot @lholmquist @lance