Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-ASYNC-2441827
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: handlebars
The new version differs by 53 commits.- f691db5 v4.1.1
- 25b2e11 Update release notes
- e5c3937 Update release notes
- aef7287 Merge pull request #1511 from wycats/saucelabs
- 684f103 chore: reactivate saucelabs-tests
- 7840ab6 test: make security testcase internet explorer compatible
- 4108b83 Merge pull request #1504 from liqiang372/deprecate-substr-method
- 445ae12 deprecate substr method and use existing strip function in grammar
- 5cedd62 fix: add "runtime.d.ts" to allow "require('handlebars/runtime')"
- 40fb115 Revert "chore: re-activate saucelabs"
- b2e2cfe chore: re-activate saucelabs
- 037bfbf Merge pull request #1500 from wycats/neo-async
- 048f2ce refactor: replace "async" with "neo-async"
- b92589a test: add test for NodeJS compatibility
- 1c62d4c Merge branch 'issue-1495' into 4.x
- 7caca94 v4.1.0
- 7bd34fb Update release notes
- b02e9a2 test: run appveyor tests in Node 10
- f1c8b2e chore: disable sauce-labs
- dbc50ac chore: bump version of grunt-saucelabs
- c6a8fc1 chore: add .idea and yarn-error.log to .gitignore
- 42841c4 fix: disallow access to the constructor in templates to prevent RCE
- 56fc676 test: run appveyor tests in Node 10
- ee30222 chore: disable sauce-labs
See the full diffPackage name: winston
The new version differs by 120 commits.- b47d5d5 3.3.0
- b6bc918 Prepare for v3.3.0
- 9354721 doc: fix whitespace and trailing comma. (#1778)
- 3d07a80 docs: add example of uncaughtRejections logging (#1780)
- df25fa2 fix: change property of handleRejections (#1779)
- 950cbcd Add options to request (#1777)
- 1c75292 Update package-lock.json (#1772)
- e7d13d5 Exclude unnecessary files from npm package (#1768)
- 75f7edf Fix removes a logger when pass undefined transport (#1785)
- 4b571ba This adds Node.js 14 and removes Node.js 8 as: (#1793)
- 73ae01f Update Sentry transport `require` change (#1754)
- 7b67eb0 Fix typo (#1750)
- 1679c49 Fix Issue where winston removes transport on error (#1364) (#1714)
- 0e0cf14 Fix #1690 (#1691)
- 85a250a Node 12 is LTS now
- bea9c34 Update README.md (#1743)
- 319abf1 Add defaultMeta to Logger index.d.ts (#1736)
- c719706 (typo) Missing label import in example (#1733)
- 8944598 Update index.d.ts (#1729)
- 7bb258c Fix `npm` logging levels on README.md (#1737)
- 64744d7 #1567: document common transport options (#1723)
- ae2335b Add Humio transport link to docs (#1705)
- 785bd9e UPDATE levels on readme (http added) (#1650)
- 4f44acb Add PostgresQL transport to list of community transports (#1697)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution