DemocracyOS / democracyos

Democracia en Red is focusing on specific implementations of DemocracyOS. We are now working with governments and activists all over Latin America. If you are interested in our online participation tools you can check them out on our site.
https://democraciaos.org/en/
GNU General Public License v3.0
1.77k stars 616 forks

[Snyk] Fix for 2 vulnerabilities #1674

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-DOCPATH-1011952 | Yes | Proof of Concept |
| high severity | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-MERGE-1040469 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: json-2-csv
The new version differs by 83 commits.
  • 7245dea v3.7.8, Update doc-path to 2.1.2
  • 73cec42 Merge pull request #163 from mrodrig/update-dev-deps
  • ab60063 Update devDependencies
  • 8c00071 Merge pull request #162 from mrodrig/fix-161
  • ead00f4 Handle scenario where CSV has no EOL and last character is a field delimiter.
  • dc48adb chore(release): 3.7.6
  • 8ae4e7d Merge pull request #159 from mrodrig/fix-158
  • 2f8249a Fix TS options definition to include unwindArrays, useLocaleFormat
  • b25503f Merge pull request #157 from mrodrig/dependabot/npm_and_yarn/lodash-4.17.19
  • 09e5726 chore(deps): bump lodash from 4.17.15 to 4.17.19
  • a4ba34c chore(release): 3.7.5
  • ffcada9 Merge pull request #156 from mrodrig/fix-155
  • 22ab313 Fix to properly handle empty last field values in csv2json.
  • a352e18 chore(release): 3.7.4
  • e25121f Merge pull request #154 from pustovitDmytro/stable
  • 225a202 Handle wrap in first column for multiline eol (#153)
  • 0155b47 chore: 3.7.3
  • b2dbb7f Update dependencies
  • c8aae63 Merge pull request #152 from mrodrig/fix-151
  • a59df3b 3.7.2 release
  • 240028b Handle empty array case when unwindArrays option is true.
  • 84c13aa Fix #149 (#150)
  • 826b1b1 Update dependencies, 3.7.0 (#148)
  • 42c58d8 Add 'useLocaleFormat' option. (#147)
See the full diff
Package name: merge
The new version differs by 25 commits.
  • 8686d85 build: bump version
  • 80151be build
  • 0acaaf3 build: update dev dependencies
  • f571887 Merge pull request #38 from 418sec/master
  • 869927f Merge pull request #1 from alromh87/master
  • c2f8454 Fix Prototype Pollution
  • bf8b1ff build: include typings
  • ece8885 Merge pull request #32 from yeikos/develop
  • 43ffa43 build: include only needed files
  • 7bf0fc8 fix: export default function (typings)
  • 159e724 build: bump version
  • 21f4105 fix: default typings
  • 36d4b9c build: new npm scripts
  • eabfd6f build: CommonJS support
  • bf85170 test: add merge script
  • 75ba781 build: add editor config
  • 2d2b54a build: update ignored files
  • b36036a docs: remove license copyright
  • 1385593 build: update main script and description
  • 2b22e6b docs: update readme
  • 7cc6574 build: package-lock.json
  • 29e46a8 build: ts and webpack config
  • da8d5a9 build: compiled sources
  • f3e2133 refactor: from js to ts
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
