eloquence / lib.reviews

A free/libre code and information platform for reviews of anything
Creative Commons Zero v1.0 Universal
173 stars 13 forks source link

[Snyk] Security upgrade snyk from 1.381.1 to 1.425.4 #251

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-Y18N-1021887
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk The new version differs by 250 commits.
  • 80b5a4d Merge pull request #1524 from snyk/chore/bump-snyk-config-test
  • 16d5ab6 fix: use snyk-config version v4.0.0-rc.2
  • 312ca91 Merge pull request #1516 from snyk/fix/dont-create-json-if-you-dont-need-it
  • f6d7217 fix: don't create JSON if we don't need it
  • f075a13 Merge pull request #1515 from bgeveritt-snyk/fix/nuget-diff-target-monikers
  • f07878d Merge pull request #1519 from snyk/fix/handle-poetry-dependencies-with-underscores
  • 18905cc fix: up python plugin version to autoresolve dependencies w/ underscores
  • 17c5e42 Merge pull request #1517 from snyk/feat/empty-manifest-graceful-error
  • b441582 feat: bump python plugin version to include graceful fail when no deps
  • 7012caa fix: add json module with jsonStringifyLargeObject
  • b8eab37 fix: bump nuget plugin to fix diff target monikers
  • 8b14d00 Merge pull request #1512 from snyk/fix/k8s-object-requirements
  • bb7efaf fix: remove spec requirement
  • 50ec62d Merge pull request #1513 from snyk/refactor/iac-owenrship
  • 8375bf7 refactor: fix iac codeowners
  • 90b61dd Merge pull request #1508 from snyk/fix/improve-error-message-for-scanning-an-image-that-doesnt-exist
  • a5ccb25 fix: Improve error message for scanning an image that doesn't exist
  • 47189a5 Merge pull request #1509 from snyk/DC-998/fix-headers-docker-desktop
  • 32f23aa Merge pull request #1502 from snyk/smoke/docker-root
  • 27b838e fix: incorrect header sent for Docker Desktop requests
  • cb5beb9 Merge pull request #1507 from snyk/fix/support-globs-pattern-yarn-workspaces
  • 5554acf fix: support globs pattern in yarn workspaces definitions
  • c095596 test(smoke): scenario where root user installing Snyk
  • 4f4936d Merge pull request #1504 from snyk/feat/add-jar-scanning-inside-container
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

eloquence commented 3 years ago

(Handled independently.)