MitocGroup / deep-framework

Full-stack JavaScript Framework for Cloud-Native Web Applications (perfect for Serverless use cases)
https://www.npmjs.com/package/deep-framework
Mozilla Public License 2.0
536 stars 68 forks source link

[Snyk] Security upgrade webpack from 2.7.0 to 4.0.0 #649

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-ASYNC-2441827
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: webpack The new version differs by 250 commits.
  • 213226e 4.0.0
  • fde0183 Merge pull request #6081 from webpack/formating/prettier
  • b6396e7 update stats
  • f32bd41 fix linting
  • 5238159 run prettier on existing code
  • 518d1e0 replace js-beautify with prettier
  • 4c25bfb 4.0.0-beta.3
  • dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
  • 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
  • c7eb895 Merge pull request #6452 from webpack/update_acorn
  • 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
  • e52f323 optimize performance of assignDepth
  • 6bf5df5 Fixed template.md
  • 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
  • b0949cb add integration test for spread operator
  • 39438c7 unittest now also walks the ast
  • 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
  • 1611ce1 Merge pull request #6561 from joshunger/patch-1
  • 6e175bc Merge pull request #6549 from webpack/md4_hash
  • 0637531 Add a hyperlink to create a new issue
  • 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
  • 72477f4 upgrade versions to stable versions
  • ed30285 Merge pull request #6546 from webpack/bot/review-permission
  • 40ee8c7 Use MD4 for hashing
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution