[Snyk] Upgrade dagre from 0.7.4 to 0.8.5

[snyk-bot]

Snyk has created this PR to upgrade dagre from 0.7.4 to 0.8.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released a year ago, on 2019-12-03.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-73638	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution npm:lodash:20180130	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dagre

• 0.8.5 - 2019-12-03
  

  Update to 0.8.5

• 0.8.4 - 2018-12-09
  

  Prep v0.8.4 release

• 0.8.3 - 2018-12-09
  

  Prep v0.8.3 release

• 0.8.2 - 2018-02-06
  

  Prep v0.8.2 release

• 0.8.1 - 2017-12-31
  

  Prep v0.8.1 release

• 0.7.4 - 2015-07-30
  

  Prep v0.7.4 release

from dagre GitHub release notes

Commit messages

Package name: dagre

• f56edb1 Update to 0.8.5
• 079654c Update lodash
• 52b2b4f Update eslint, karma, mocha
• ec3fd32 Update lodash and ESLint
• 5cbd6ed Bump version and set as pre-release
• 453fa90 Prep v0.8.4 release
• 98078ad Update to graphlib 2.1.6
• f60d1a0 Merge pull request Validate duration fields in UI jaegertracing/jaeger-ui#244 from mwaldstein/master
• db45b92 Merge branch 'master' into master
• 8dc461f Bump version and set as pre-release
• 99a59a9 Prep v0.8.3 release
• 5877eb4 Update to browserify 16.2.3
• e79e2bf Bug in lodash build
• 0724117 Update to Karma 3.0.0
• f630921 npm audit fix
• dce716e Move to modular lodash
• 7e050f8 Merge pull request Fix CollapseOne action jaegertracing/jaeger-ui#230 from tylerlong/master
• aa4584e Change _.minBy to _.min
• 456cb97 Update util.js
• 3d538f0 Bump version and set as pre-release
• 4c7dc4c Prep v0.8.2 release
• c6cacf7 Merge pull request Trace diffs jaegertracing/jaeger-ui#228 from rustedgrail/master
• ee72d87 Building an array of node ids instead of functions
• f529d9a Cleaned up return values to always be an array

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs