[Snyk] Security upgrade admin-lte from 2.4.18 to 3.1.0 - Githubissues

jsdecena / laracom

Laravel FREE E-Commerce Software

https://jsdecena.github.io/laracom

1.91k stars 861 forks source link

[Snyk] Security upgrade admin-lte from 2.4.18 to 3.1.0 #269

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- project/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	544/1000 Why? Has a fix available, CVSS 6.6	Cross-site Scripting (XSS) SNYK-JS-ADMINLTE-1047343	Yes	No Known Exploit
	669/1000 Why? Has a fix available, CVSS 9.1	Cross-site Scripting (XSS) SNYK-JS-ADMINLTE-584564	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-CHARTJS-1018716	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: admin-lte

The new version differs by 250 commits.

c641d7f update docs assets
229ec8e update dist files
c45bfe8 bump version number
2f5db1b Bump eslint-plugin-unicorn from 28.0.2 to 29.0.0 (#3527)
0e5d965 Fix: sidebar light in dark-mode (#3526)
c81bc3c bump bundlewatch size
aceb8c6 bump bundlewatch sizes
9cd655d add permanent-btn-iframe-close class
d7678db Merge pull request #3525 from danny007in/example-branch
5a2c03c update plugin files
164354c update dependencies & devDependencies
22e087a fixed nav tabs border inside card header
c09d842 update url of Bootstrap 4 - Tempus Dominus
4e5cb3e add datetime example
4b73f9c Merge pull request #3522 from danny007in/dark-mode-in-docs
3810eb2 add mt-2 to sidebar-search in docs
e7ed74d Enhance: dark-mode in docs
18bc68f Adding Lua Server Pages implementation info in Docs (#3512)
4a43243 update docs (#3511)
ce8e766 Bump rollup from 2.40.0 to 2.41.2 (#3509)
5f0f0aa Bump datatables.net-bs4 from 1.10.23 to 1.10.24 (#3504)
2517f63 Bump @ babel/core from 7.13.8 to 7.13.10 (#3503)
7ac5e82 Bump datatables.net from 1.10.23 to 1.10.24 (#3508)
e32abe9 Bump @ babel/preset-env from 7.13.9 to 7.13.10 (#3506)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic