Closed snyk-bot closed 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3
SNYK-JS-DEXIE-2607042
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: dexie
The new version differs by 49 commits.- c698052 Build output
- 8665bf7 Merge remote-tracking branch 'origin/releases-3' into master-3
- 8939c1d Releasing v3.2.2
- c921a2c Resolve #1473
- 7e34806 Update .travis.yml
- 1d655a6 Prohibit prototype pollution
- ea55dcc Build output
- b350b8c Releasing v3.2.1
- 7a606b5 Merge remote-tracking branch 'origin/releases-3' into master-3
- 7b08108 Build output
- 6a9ee6f Releasing v3.2.1-beta.2
- 643a7a5 Merge remote-tracking branch 'origin/releases-3' into master-3
- d4253e1 Enable Sponsor button
- 7cd766c Updated link to pre-published dexie-cloud todo app
- fe682ef liveQuery vanilla HTML sample
- bd77573 Last correction (I hope) to get exports-field right
- 2b5be52 Prohibit dual package hazard
- 4b0bd27 Updated exports field:
- 0c19de6 Bump tmpl from 1.0.4 to 1.0.5 in /samples/dexie-cloud-todo-app
- 49cc643 Bump highlight.js from 10.4.0 to 10.7.3 in /samples/vue
- 66fa9bd Bump elliptic from 6.5.3 to 6.5.4 in /samples/vue
- cae4643 Bump y18n from 4.0.0 to 4.0.3 in /samples/vue
- c826b3e Bump lodash from 4.17.20 to 4.17.21 in /samples/vue
- 9452f52 Bump ssri from 6.0.1 to 6.0.2 in /samples/vue
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution