chef-partners / azuredevops-chef

MIT License
9 stars 3 forks source link

[Snyk] Security upgrade dot-object from 1.9.0 to 2.1.3 #45

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-DOTOBJECT-548905
Yes Proof of Concept
Commit messages
Package name: dot-object The new version differs by 32 commits.
  • 84356a7 Merge tag 'v2.1.3' into develop
  • 67142e7 Merge branch 'release/v2.1.3'
  • c4a4dd5 prepare v2.1.3
  • f76cff5 guard for possible prototype polution
  • ee628c2 Merge tag 'v2.1.2' into develop
  • 0c8a4d8 Merge branch 'release/v2.1.2'
  • 6bc8849 prepare v2.1.2
  • b18aaac Merge branch 'master' into develop
  • a292262 add test for deeply nested arrays
  • 6a91c11 fix undefined for root level array
  • ea358be Merge tag 'v2.1.1' into develop
  • 1e6f080 Merge branch 'release/v2.1.1'
  • 8dcb301 prepare v2.1.1
  • 739c111 Wrong array conversion with [0] fixes #27
  • 7ab7d4f Merge tag 'v2.1.0' into develop
  • c2e0b19 Merge branch 'release/v2.1.0'
  • c205762 prepare release v2.1.0
  • 66bb1ca wrap delete method
  • b24a438 Merge branch 'master' into develop
  • 2a86afe update bower version
  • 51dabd3 Merge tag 'v2.0.0' into develop
  • b24eeb8 Merge branch 'release/v2.0.0'
  • 0b87c85 prepare version 2.0.0
  • 1647da9 version 2.0.0
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic