search

SuperMap / vue-iclient

SuperMap iClient UI Components for Vue.js
https://iclient.supermap.io/web/apis/vue/
Apache License 2.0
193 stars 56 forks source link

[Snyk] Fix for 6 vulnerabilities #25

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Prototype Pollution
SNYK-JS-SWIPER-1088062		 Yes Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-THREE-1064931		 No Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-XLSX-1311137		 No Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-XLSX-1311139		 No Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-XLSX-1311141		 No Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-XLSX-585898		 No Proof of Concept
Commit messages
Package name: three The new version differs by 250 commits.
  • e1037f9 r125
  • 3f03b59 Merge pull request #21158 from Mugen87/dev51
  • b14f0ee Merge pull request #21148 from elalish/variantNormals
  • 535f7fc Examples: Clean up.
  • c5acc71 Merge pull request #21157 from Mugen87/dev51
  • 8242ac0 TS: Add failIfMajorPerformanceCaveat.
  • 72a9ae4 Merge pull request #21155 from donmccurdy/docs-gltfloader-ktx2
  • 41e2f30 GLTFLoader: Remove 'experimental' note on KHR_texture_basisu.
  • 65d597d adding notes
  • d16ca2a Merge pull request #21154 from j13ag0/patch-1
  • 192b4dd Update Vector3.html
  • 16eb3ec Merge pull request #21145 from Mugen87/dev2
  • 3d153ab Merge pull request #21149 from Mugen87/dev51
  • ca306c0 Add version to glslang.
  • f9d120d WebGPURenderer: Refactor glslang import.
  • 5eba37e Added RGBMLoader.
  • 5f1124b fixed GLTF variants normal map scale
  • b15bd85 Merge pull request #21134 from 1993heqiang/local_dev
  • a295496 Merge pull request #21146 from chpatrick/reset-current-depth
  • 58338b6 Merge pull request #21144 from donmccurdy/cleanup-universal-texture-loaders
  • 608216f Reset _currentDepth... in onSessionEnd in WebXRManager.
  • 055ffaf KTX2Loader + BasisTextureLoader: Clean up.
  • e5d85f6 Docs: Modify ‘round’ to ‘orbit’
  • ff5573c Merge pull request #19085 from Mugen87/dev48
See the full diff
Package name: xlsx The new version differs by 109 commits.
  • 3542d62 version bump 0.17.0
  • 6c5db36 AWS Lambda Binary Media Types
  • 59b3dae Tested the MongoDB scripts and fixed them
  • e958dbf Refresh server demos
  • 1d7aff4 suppress modified test files
  • f8c0a86 [Tests] migrate tests to Github Actions
  • 58e59dc updates to react demo
  • 333deae write and parse ods in mini build (#2197)
  • 20212e1 version bump 0.16.9: utf-8 codenames
  • f7835d6 Add support for outline configuration
  • eec93b0 Fixed parsing for first cell in .fods documents
  • 6ecfeb6 Added google sheet example
  • b0e68a9 Add escape slash to cell matcher
  • 9f1ba60 version bump 0.16.8: CRLF in formulae
  • b9323c5 Update 78_writebiff.js
  • d4cfadb Fix #2071
  • 5985739 Mark generated files as binary
  • 542636b Update 80_parseods.js
  • 82b7ada version bump 0.16.7
  • 0cc6cc9 XLSX verify formula is string (fixes #1703)
  • 2c5a863 Removed null ws return from 90_utils
  • 2e32611 version bump 0.16.6: xlfn option
  • 3b589f0 XLSX SST treat <si></si> as empty (fixes #2083)
  • abed474 whitespace check (fixes #2075)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic