gs1 / GS1_DigitalLink_Resolver_CE

The GS1 DigitalLink Resolver Community Edition
Apache License 2.0
41 stars 26 forks source link

[Snyk] Security upgrade xss from 1.0.8 to 1.0.10 #43

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-XSS-1584355
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: xss The new version differs by 108 commits.
  • 380a4ba publish: v1.0.10
  • 699acde fix: #239 stripCommentTag DoS attack
  • 9cbe2f1 Create SECURITY.md
  • bdd1b03 chore: fix nodejs.yml remove node-version 8.x
  • 3be6a07 chore: update devDependencies to latest version
  • 948dfb1 docs: update CI badge
  • 831a6a2 chore: github action nodejs.yml run test-cov instead of test
  • 0ba3cdb chore: remove .travis.yml
  • cdee88e chore: fix github action nodejs.yml
  • 624aba9 chore: add github action nodejs.yml
  • 901b771 style: reformat all source code by prettier
  • 0b15109 docs: update changelog
  • 3e153f5 fix: typings `onTag` options
  • 82cb63f docs: update changelog
  • a1d9b44 fix: typings IWhiteList allow any tag name
  • 005098b feat: Add `<strike>` to default whitelist
  • dcf1486 feat: Add `<audio crossorigin muted>`, `<video crossorigin muted playsinline poster>` to default whitelist
  • f4c0b29 Merge pull request #220 from daraz999/patch-1
  • 2f5dd55 fix: recover `<summary>` on the default whitelist
  • d94ac2a publish: v1.0.9
  • 4452638 chore: add package-lock.json to .ignore
  • cff16d9 chore: build dist
  • 730a0b5 Merge pull request #218 from TomAnthony/fix-whitespace-bypass
  • 6586f49 Merge pull request #216 from spacegaier/patch-1
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic