dequelabs / grunt-axe-webdriver

Mozilla Public License 2.0
12 stars 11 forks source link

[Snyk] Security upgrade junit-report-builder from 1.2.0 to 1.3.1 #73

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 561/1000
Why? Recently disclosed, CVSS 9.8
Prototype Pollution
SNYK-JS-LODASH-590103
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: junit-report-builder The new version differs by 19 commits.
  • 2724478 release 1.3.1
  • a9f73af Merge pull request #7 from davidparsson/update-production-dependencies
  • 439ac72 Update dependencies lodash and xmlbuilder
  • c3c8731 Run tests for node.js 8 and 10 as well
  • 2b9fa51 Release 1.3.0
  • 33aa12e Merge pull request #4 from anto-wahanda/add-attachment
  • 23dd29c Update grunt-contrib-watch
  • f5e017a Add package-lock.json
  • 8aea007 Test that quotes are escaped
  • 94209a7 Fixed syntax for backwards compability with older versions of nodejs
  • c0905aa Merge branch 'master' into add-attachment
  • 4b0f884 Pin version of grunt-jasmine-nodejs
  • 4576368 Adding ability to include attachment in system-err
  • 98ac018 Inline emoji instead of String.fromCodePoint()
  • 74dc5c3 Update readme with credits
  • f05040f Test emojis in CDATA tags
  • 022a041 Test node.js 0.10, not 0.1
  • de92a97 Test more node.js versions
  • 789e1fc Don't require sudo in travis builds
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

CLAassistant commented 4 years ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.