BiancoRoyal / node-red-contrib-bacnet

maintained by PLUS for Node-RED - https://plus4nodered.com
https://www.npmjs.com/package/node-red-contrib-bacnet
MIT License

[Snyk] Upgrade underscore from 1.11.0 to 1.13.4 #27

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade underscore from 1.11.0 to 1.13.4.

Merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary Code Injection, SNYK-JS-UNDERSCORE-1080984 | 596/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: underscore
  • 1.13.4 - 2022-06-02

    Patch release to address WebPack module federation issue

  • 1.13.3 - 2022-04-23

    Patch release with improved compatibility with ExtendScript

  • 1.13.2 - 2021-12-16

    Underscore 1.13.2 -- minor bugfixes and improved documentation

  • 1.13.1 - 2021-04-15

    Restores the underscore.js UMD alias to git

  • 1.13.0 - 2021-04-09

    Node.js native ESM support in main release stream, docs updates

  • 1.13.0-3 - 2021-03-31

    Preview release that adds the "module" exports condition

  • 1.13.0-2 - 2021-03-15

    Preview of 1.13.0 with security fix from 1.12.1

  • 1.13.0-1 - 2021-03-11

    Bugfix for the new Node.js 12+ native ESM entry point

  • 1.13.0-0 - 2021-03-10

    Node.js native ESM support (prerelease), _.debounce optimization

  • 1.12.1 - 2021-03-15

    Security fix in _.template and restored optimization in _.debounce.

  • 1.12.0 - 2020-11-24
  • 1.11.0 - 2020-08-28
from underscore GitHub release notes
Commit messages
Package name: underscore
  • 979dfc4 Merge branch 'prepare-1.13.4'
  • fcb149d Add a change log entry for 1.13.4
  • cf6ed6f Bump the version to 1.13.4
  • 75d257f Merge pull request #2959 from petschki/module-federation-version
  • 46d77d3 Fix for webpack module federation "No version" error
  • da06656 Merge pull request #2956 from zackschuster/patch-1
  • adf8838 fix heading nesting
  • 5af5ecb update contributing to clarify how to clone from other sources
  • 6ce24a2 add fsck error workaround to contributing.md #2887
  • c7ce0d7 Expand git.io URLs in codeql-analysis workflow (fix #2957)
  • e7e719e Update generated files, tag 1.13.3 release
  • 0062d3c Merge branch 'prepare-1.13.3'
  • 0a531f1 Add a change log entry for 1.13.3
  • 1022ab3 Update the LICENSE date
  • fd6f7a3 Bump the version to 1.13.3
  • b112c23 Add a comment to the modules/.eslintrc (post-merge review comment #2953)
  • 2bd4e79 Waste even fewer CPU cycles in CI
  • aca966a Prevent test-node from running twice in CI on Node.js 14
  • a3c2c66 Merge pull request #2953 from jgonggrijp/extendscript-precedence
  • c4e0920 Parenthesize remaining mixed expressions of && and || (#2949)
  • ad93ed5 Enforce parenthesization of && and || with a linter rule (#2949)
  • 825e9c2 Parenthesize mixed expressions of || and && (fix #2949)
  • 0557e33 Merge pull request #2951 from Krinkle/same-version
  • f12551c Merge pull request #2950 from Krinkle/xvfb

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
