Skip to content

[Snyk] Fix for 1 vulnerabilities #20

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #20

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AJV-584908		 No No Known Exploit
Commit messages
Package name: node-gyp The new version differs by 40 commits.
  • 9a404d6 3.8.0
  • 9b9d98f doc: update changelog
  • c5929cb doc: update Xcode preferences tab name.
  • 8b488da doc: update link to commit guidelines
  • b4fe8c1 doc: fix visual studio links
  • 536759c configure: use sys.version_info to get python version
  • 94c39c6 gyp: fix ninja build failure (GYP patch)
  • e8ea74e tools: patch gyp to avoid xcrun errors
  • ea9aff4 tools: fix "the the" typos in comments
  • 207e5aa gyp: implement LD/LDXX for ninja and FIPS
  • b416c5f gyp: enable cctest to use objects (gyp part)
  • 40692d0 gyp: add compile_commands.json gyp generator
  • fc3c4e2 gyp: float gyp patch for long filenames
  • 8aedbfd gyp: backport GYP fix to fix AIX shared suffix
  • 6cd84b8 test: formatting and minor fixes for execFileSync replacement
  • 60e4213 test: added test/processExecSync.js for when execFileSync is not available.
  • 969447c deps: bump request to 2.8.7, fixes heok/hawk issues
  • 340403c win: improve parsing of SDK version
  • d8a0ca7 3.7.0
  • 84cea7b Remove unused gyp test scripts.
  • 0540e4e gyp: escape spaces in filenames in make generator
  • 88fc6fa Drop dependency on minimatch.
  • 1e203c5 Fix include path when pointing to Node.js source
  • 53d8cb9 Prefix build targets with /t: on Windows

See the full diff

Package name: request The new version differs by 41 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: deps/npm/package.json to reduce vulnerabilities
afa421a 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
@snyk-bot snyk-bot mentioned this pull request Sep 12, 2021
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot