TAMULib / SAGE

Search Aggregation Engine
MIT License

[Snyk] Upgrade @wvr/core from 2.2.2 to 2.2.4 #544

Closed ghost closed 9 months ago

ghost commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @wvr/core from 2.2.2 to 2.2.4.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **2 versions** ahead of your current version.
- The recommended version was released **22 days ago**, on 2023-03-23.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
| | Prototype Pollution [SNYK-JS-LODASHSET-1320032](https://snyk.io/vuln/SNYK-JS-LODASHSET-1320032) | **472/1000** **Why?** Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | **472/1000** **Why?** Proof of Concept exploit, CVSS 7.3 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @wvr/core
  • 2.2.4 - 2023-03-23

    Full Changelog: v2.2.3...v2.2.4

  • 2.2.3 - [2023-03-23](https://snyk.io/redirect/github/TAMULib/Weaver-UI-Core/releases/tag/v2.2.3)

    What's Changed

    • Must now manually install git in Dockerfile. by @kaladay in #226
    • [Snyk] Upgrade bootstrap-sass from 3.4.1 to 3.4.3 by @snyk-bot in #225
    • [Snyk] Upgrade @lhci/cli from 0.9.0 to 0.11.0 by @snyk-bot in #227
    • Weaver Repo Lazy is too Eager. by @kaladay in #228
    • Provide an alternative to getAll() that returns a promise and still respects the lazy load setting. by @kaladay in #229

    New Contributors

    Full Changelog: v2.2.2...v2.2.3

  • 2.2.2 - [2022-12-19](https://snyk.io/redirect/github/TAMULib/Weaver-UI-Core/releases/tag/v2.2.2)

    What's Changed

    • Update GitHub actions. [#173]
    • Dame aug sept sprint 129 deep linking. [#175]
    • Updated forever to fix colors dependency. [#176]
    • Replace affiliation scope variable with a scope function getUserAffiliation(). [#177]
    • Enable support for SSL by simply dropping an ssl.crt and an ssl.key in the directory. [#178]
    • Logout should return the user to the main page instead of an error/401 page. [#179]
    • Upgrade dependencies and increment RC. [#181]
    • The abstractRepo.contains() doesn't always get an object. [#185]
    • Tech debt webpack. [#183]
    • Docker compose to publish @wvr/core. in containerized verdaccio [#191]
    • Upgrade dependencies. [#193]
    • Developing process for upgrade to webpack and docker deployments. [#195]
    • Add webpack as explicit dependency. [#198]
    • Allow app to define terser options. [#199]
    • Add override in NPM to reduce security issues. [#200]
    • Remove volumes due to problems. [#202]
    • Update bootstrap sass. [#203]
    • Add dev dependencies used by CAP [#204]
    • Afford multiple SCSS files to generate individual CSS when building. [#206]
    • Support all known pattern functions and conditionally handle 'to'. [#207]
    • Update Dockerfile, making it consistent with other UI Dockerfiles where possible. [#208]
    • Tech debt weaver upgrade. [#205]
    • Allow override webpack stats and devserver client. [#210]
    • No longer need hard coded mirador filter. [#212]
    • Unique id for validated input. [#211]
    • Fix unauthenticated access control. [#213]
    • Use node:16-slim. [#215]
    • Weaver authentication is making unsafe assumptions on the data and failing out incorrectly. [#218]
    • Return to Safety, results in going back to 403. [#222]
    • Security fixes for: minimatch and qs. [#223]

    Full Changelog since last release: 2.2.0...v2.2.2

from [@wvr/core GitHub release notes](https://snyk.io/redirect/github/TAMULib/Weaver-UI-Core/releases)

Commit messages
Package name: @wvr/core
  • ec4d2ff Downgrade bootstrap-sass as incompatible with wro
  • 603ea53 Version 2.2.3
  • 889ef61 Merge pull request #229 from TAMULib/2.x-lazy_too_eager-and-findAll
  • fa3e5ee Merge pull request #228 from TAMULib/2.x-lazy_too_eager
  • 040d37e Merge branch '2.x' into 2.x-lazy_too_eager-and-findAll
  • b80155a fix: upgrade @lhci/cli from 0.9.0 to 0.11.0 (#227)
  • ad2e91a fix: upgrade bootstrap-sass from 3.4.1 to 3.4.3 (#225)
  • 539ef17 Provide an alternative to getAll() that returns a promise and still respects the lazy load setting.
  • 16271d2 Disable forceLoad if reset() is called.
  • d5fc128 Weaver Repo Lazy is too Eager.
  • 9819671 Cleanup minor code blemishes.
  • 49e1cc7 Merge pull request #226 from TAMULib/2.x-github_actions
  • 42ed8dd Must now manually install git in Dockerfile.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


github-actions[bot] commented 1 year ago

Coverage Status

Coverage: 45.815% (+0.02%) from 45.792% when pulling 0ec5fdfde4971f575a9f0430c2181bb1e4d15beb on snyk-upgrade-2a7c70b1302c7183d7bd0de6461dd079 into cba62ab828f7a31639a4a2a48a1a1124ca8bb0f9 on main.