search

attesch / cezerin

Cezerin is React and Node.js based eCommerce platform.
https://cezerin.com
MIT License
1 stars 0 forks source link

[Snyk] Fix for 1 vulnerabilities #315

Open attesch opened 2 months ago

attesch commented 2 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **768/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-LODASH-6139239](https://snyk.io/vuln/SNYK-JS-LODASH-6139239) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: babel-eslint The new version differs by 28 commits.
  • 4bd049e 10.1.0
  • 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (#812)
  • 183d13e 10.0.3
  • 354953d fix: require eslint dependencies from eslint base (#794)
  • 48f6d78 10.0.2
  • 0241b48 removed unused file reference (#773)
  • 4cf0a21 10.0.1
  • 98c1f13 Revert #584 (#697)
  • 8f78e28 10.0.0
  • 717fba7 test value should be switched
  • 020d012 Treat type alias declarationlike function declaration (#584)
  • b400cb1 Test eslint5, update peerDep (#690)
  • c333bd6 Drop old monkeypatching behavior (#689)
  • 6aa8b6f 9.0.0
  • c7ee9ae Bump to babel@7.0.0 🎉 (#676)
  • 3ece549 Docs: Make the default parserOptions more explicit (#673)
  • 0b36951 Add logical assignment plugin (#674)
  • 5856ff5 Bump some devDeps
  • 45938d9 build(deps): upgrade @ babel/* to 7.0.0-rc.2 (#668)
  • bc97875 9.0.0-beta.3
  • 74c5d62 update lock
  • 6a45632 chore - fixing eslint-scope to a safe version; resolves #656. (#657)
  • e0119e0 9.0.0-beta.2
  • 198964b Merge pull request #645 from rubennorte/support-new-flow-syntax-in-scope-analysis
See the full diff
Package name: html-webpack-plugin The new version differs by 139 commits.
  • eb73905 chore(release): 4.0.0
  • 42a6d4a Add typing for getHooks
  • a1a37cf Release html-webpack-plugin 4.0.0-beta.14
  • 97f9fb9 fix: load script files before style files files in defer script loading mode
  • e97ce17 Release html-webpack-plugin 4.0.0-beta.13
  • e448b5d Release html-webpack-plugin 4.0.0-beta.12
  • de315eb feat: Add defer script loading
  • 7df269f feat: Provide a verbose error message if html minification failed
  • 1d66e53 feat: merge templateParameters with default template parameters
  • dfb98e7 Fix typo in template option docts
  • 096a760 Fix broken links in examples
  • a195c34 docs: Update template-option documentation
  • 40b410e docs: Update example for template parameters
  • bf017f3 chore: Release 4.0.0-beta.11
  • 2549557 test: Don't use minification for speed measurement
  • de22fc2 test: Adjust measurment for node 6 on travis
  • 24bf1b5 fix: Update references to html-minifier
  • f4eafdc chore: Release 4.0.0-beta.10
  • a2ad30a refactor: Use getAssetPath instead of calling the hook directly
  • 2595a79 chore: Release 4.0.0-beta.9
  • c66766c feat: Add support for minifying inline ES6 inside html templates
  • 655cbcd Fix README typo
  • 6de319b update lodash dependency for prototype polution vulnerability
  • 35a1541 Properly encode file names emitted as part of URLs.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"30c8c0fd-bd16-42d3-883f-4a5888d8a040","prPublicId":"30c8c0fd-bd16-42d3-883f-4a5888d8a040","dependencies":[{"name":"babel-eslint","from":"8.2.6","to":"10.1.0"},{"name":"html-webpack-plugin","from":"3.2.0","to":"4.0.0"},{"name":"lodash","from":"4.17.10","to":"4.17.17"}],"packageManager":"npm","projectPublicId":"54f4ee92-998c-4470-8c24-77a260feb55b","projectUrl":"https://app.snyk.io/org/attesch/project/54f4ee92-998c-4470-8c24-77a260feb55b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-LODASH-6139239"],"upgrade":["SNYK-JS-LODASH-6139239"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[768],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)