Fleet-Hawks-Inc / fh-cloud-app

Repository for cloud app / frontend

[Snyk] Security upgrade pdfmake from 0.2.0 to 0.2.7 #3411

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| critical severity | 863/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.4 | Code Injection, SNYK-JS-PDFMAKE-3160329 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: pdfmake

The new version differs by 37 commits.
  • bc46caa 0.2.7
  • da19b86 Update CHANGELOG.md
  • af933ae Vulnerability fix CVE-2022-46161
  • 0f04a54 Node.js 18 LTS
  • 9a8ea38 0.2.6
  • a6a7668 Fixed refetching fonts from URL #2477
  • eebdf14 fixed TrueType Collection loading from URL #2456
  • 3255ec7 Roboto font (version 3.005)
  • 9c0743d fixed calculating page height #2464
  • 8920ffe year++
  • 819ea22 0.2.5
  • e2e44be support passing headers to request for loading font files and images via URL addresses #2071
  • 0695645 test for core-js polyfill Object.isExtensible bug #2362
  • ac08142 0.2.4
  • a8339f8 0.2.4
  • f60a075 Update CHANGELOG.md
  • ae0074e core-js 3.19.1 contains a bug with Object.isExtensible function. Set version 3.19.0 #2362
  • 35ebfe4 Update CHANGELOG.md
  • 990cab2 fix destination path argument in VFS build script (#2361)
  • 69e07bb fix changelog
  • 83a1dd5 0.2.3
  • 495c3c9 refresh pdf examples
  • ff79713 Update CHANGELOG.md
  • 6b550e7 fixed how infos are passed to pdfkit (#2347)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Code Injection

commit-lint[bot] commented 1 year ago

Bug Fixes

Contributors

snyk-bot

Commit-Lint commands
You can trigger Commit-Lint actions by commenting on this PR:

- `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change)
- `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
- `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
- `@Commit-Lint merge disable` will deactivate merge dependabot PR
- `@Commit-Lint review` will approve dependabot PR
- `@Commit-Lint stop review` will stop approving dependabot PR