[Snyk] Security upgrade tap-spec from 2.2.2 to 4.1.0 - Githubissues

jamesleesaunders / d3-x3d

3D Data Driven Charting Library with D3 and X3D

https://jamesleesaunders.github.io/d3-x3d/

GNU General Public License v2.0

110 stars 22 forks source link

[Snyk] Security upgrade tap-spec from 2.2.2 to 4.1.0 #225

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	292/1000 Why? Proof of Concept exploit, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	375/1000 Why? CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: tap-spec

The new version differs by 18 commits.

9526f8b Merge pull request #39 from scottcorgan/error-swallowing
7b3436e Update version and deps
f545002 Use figures for symbols output. Closes #36
9986c4d Exit 1 on 0 tests. Fixes #30. Fixes #38.
a8f6237 Link badges to NPM
d27f42a Print out comments. Fixes #33
cb83622 bug: correct formatting for failed assertions. Fixes #35
24d2867 Include expected/actual information next to failing tests.
6a09881 docs: add badges
a7f0f1a Update README.md
3433eb5 docs: add new screenshot to readme
048081a Merge branch '3.0'
f6cdb47 deps: tap-out 1.1.3
1836b58 beautiful error output. Closes #17
8e78010 correct line separation
11c7a43 Fix passing test output
9e1e865 get duration working again
e109209 debt: remove remaining test numbers

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution 🦉 Denial of Service (DoS)