GeoTIFF / geoblaze

Blazing Fast JavaScript Raster Processing Engine
http://geoblaze.io
MIT License
181 stars 28 forks source link

[Snyk] Security upgrade mathjs from 6.6.5 to 7.5.1 #171

Closed snyk-bot closed 3 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 651/1000
Why? Recently disclosed, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-MATHJS-1016401
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mathjs The new version differs by 120 commits.
  • 2594c69 Publish v7.5.1
  • ecb8051 Fix object pollution vulnerability in `math.config`
  • a2858e2 Publish v7.5.0
  • a72deb3 Update history
  • c5ab722 Merge branch 'pickrandom-allow-any-array)' of https://github.com/KonradLinkowski/mathjs into develop
  • 7575156 Publish v7.4.0
  • 642db06 Update history
  • 439ec41 Feat/rotate matrix (#1984)
  • 7854a9b Update history
  • a5cbb6a pickRandom - flatten the array
  • ca05c25 Allow any array in pickRandom function
  • bc4d94b Update history and authors list
  • becab40 sqrtm - throw an error for matrices with dimension greater than two (#1977)
  • f3c4a90 Update history
  • 9f06dad floor and cell with precision (#1967)
  • 76f6085 Publish v7.3.0
  • 73c66b9 Update devDependencies
  • f2d7a1b Update history and authors list
  • 1d0ce02 Merge remote-tracking branch 'origin/develop' into develop
  • f5d843b Binary, octal, and hexadecimal literals and formatting (#1968)
  • d82fc39 Simplify require url in math_worker example
  • 91fa8ea Fix require url in math_worker example
  • 18996cb Update devDependencies
  • 93ac70a Update history and authors list
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic