[Snyk] Security upgrade ramda from 0.24.1 to 0.27.2 - Githubissues

hemanth / ramda-repl

Ramdajs REPL.

MIT License

28 stars 6 forks source link

[Snyk] Security upgrade ramda from 0.24.1 to 0.27.2 #32

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ramda

The new version differs by 250 commits.

1a5d40b Version 0.27.2
4d8e8f0 Merge pull request #3212 from ramda/davidchambers/trim
94d0570 Security fix for ReDoS (#3177)
8ae355e update test string for trim
6bb8eea Version 0.27.1
ed191e6 Merge pull request #2832 from kibertoad/chore/update-dependencies-2
20ba763 Update dependencies
a6620f6 Update Babel to v7 (#2829)
2705518 Execute tests on Node 12 (#2828)
c45208e hasPath return false for non-object checks (#2825)
0baeda1 updated invoker.js documentation (#2821)
072d417 Including BR translation. (#2621)
ca1e2b5 add an example which covers error and value (#2806)
271b044 docs: Add @ since where it is missing (#2793)
ac58c96 Update `pathSatisfies` to handles empty `path` arguments (#2791)
b25ac73 Fix typo in split docs (#2792)
7d55e91 Add R.xor (Exclusive OR) (#2646)
efd899b feature: adding paths operator - #2740 (#2742)
235a370 fix: rename then to andThen (#2772)
8d59032 Fix broken link in readme (#2768)
38feed2 remove erroneous quotes in tryCatch documentation (#2765)
ce4f936 fix `@ since` in `includes` (#2764)
626762b Reference to Ramda Conventions wiki page (#2718)
878cacd Add prebench script (#2759)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic