OysteinAmundsen / gymsystems

Web system for competitive teamgym scoreboarding
https://gymsystems.no
MIT License
13 stars 0 forks

[Snyk] Security upgrade fast-csv from 3.7.0 to 4.3.6 #639

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-FASTCSV-1049538 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: fast-csv The new version differs by 233 commits.
  • 3dc859e chore(release): publish v4.3.6
  • 4bbd39f fix: Simplify empty row check by removing complex regex
  • 1d18b89 chore(deps): update dependency eslint-plugin-tsdoc to v0.2.10
  • 6101e60 chore(deps): update dependency eslint-plugin-prettier to v3.2.0
  • 864e5cf chore(deps): update dependency eslint-plugin-tsdoc to v0.2.9
  • e04342f chore(deps): update dependency @types/jest to v26.0.16
  • ef3d802 chore(deps): update typescript-eslint monorepo to v4.9.0
  • 5c35dbc chore(deps): update dependency eslint-plugin-tsdoc to v0.2.8
  • 3540be6 chore(deps): update dependency prettier to v2.2.1
  • a6befe2 chore(deps): update dependency @types/sinon to v9.0.9
  • f7e1236 chore(deps): update typescript-eslint monorepo to v4.8.2
  • b69808b chore(deps): update dependency eslint to v7.14.0
  • 9af7a41 fix(deps): update dependency @types/yargs to v15.0.10
  • 057a4da fix(deps): update dependency yargs to v16.1.1
  • 5f2a15a chore(deps): update dependency prettier to v2.2.0
  • 979cfcf chore(deps): update typescript-eslint monorepo to v4.8.1
  • 97a0cc5 chore(deps): update typescript-eslint monorepo to v4.8.0
  • fb7f92d chore(deps): update dependency eslint-plugin-jest to v24.1.3
  • 3bf2919 chore(deps): update dependency eslint-plugin-jest to v24.1.2
  • 35fcaf9 chore(deps): update dependency eslint-plugin-jest to v24.1.1
  • b03b546 chore(deps): update typescript-eslint monorepo to v4.7.0
  • d1aa33e chore(deps): update dependency ts-jest to v26.4.4
  • df5c4fe chore(deps): update dependency eslint to v7.13.0
  • 051d143 chore(deps): update dependency jest to v26.6.3
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic