[Snyk] Security upgrade jsdoc from 3.6.4 to 3.6.7 - Githubissues

18F / fedramp-dashboard

https://marketplace.fedramp.gov

Creative Commons Zero v1.0 Universal

21 stars 19 forks source link

[Snyk] Security upgrade jsdoc from 3.6.4 to 3.6.7 #135

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS ) SNYK-JS-MARKED-584281	No	No Known Exploit
	486/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsdoc

The new version differs by 6 commits.

e1f1919 3.6.7
f7a64bd chore(deps): update selected dependencies
3f5c462 3.6.6
95e3192 fix: correctly track interface members
ef05a69 3.6.5
a59b5cd fix: prevent circular refs when params have the same type expression

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic