delphi-hub / delphi-management

The management console for the Delphi platform
https://delphi.cs.uni-paderborn.de/
Apache License 2.0
2 stars 5 forks source link

[Snyk] Security upgrade ajv from 6.10.2 to 6.12.3 #165

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AJV-584908
No No Known Exploit
Commit messages
Package name: ajv The new version differs by 127 commits.
  • 521c3a5 6.12.3
  • bd7107b Merge pull request #1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
  • 9c26bb2 Merge pull request #1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
  • c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
  • 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
  • d6aabb8 test: remove node 8 from travis test
  • c4801ca Merge pull request #1242 from ajv-validator/refactor
  • 988982d ignore proto properties
  • f2b1e3d whitespace
  • 65e3678 Merge pull request #1239 from GrahamLea/patch-1
  • 68d72c4 update regex
  • 9c009a9 validate numbers in multipleOf
  • 332b30d Merge pull request #1241 from ajv-validator/refactor
  • 1105fd5 ignore proto properties
  • 65b2f7d validate numbers in schemas during schema compilation
  • 24d4f8f remove code post-processing
  • fd64fb4 Add link to CSP section in Security section
  • 0e2c346 Add Contents link to CSP section
  • c581ff3 Clarify limitations of ajv-pack in README
  • 0006f34 Document pre-compiled schemas for CSP in README
  • 140cfa6 Merge pull request #1238 from cvlab/patch-1
  • e7f0c81 Fix mistype in README.md
  • 54c96b0 Bump eslint from 6.8.0 to 7.3.1
  • 854dbef Bump mocha from 7.2.0 to 8.0.1
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic