latticejs / lattice

Framework integration

[Snyk] Fix for 1 vulnerabilities #488

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity: medium
Priority Score (*): 673/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6)
Issue: Prototype Pollution (SNYK-JS-YUP-2420835)
Breaking Change: Yes
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: graphql-shield. The new version differs by 250 commits.
  • a7d61d1 fix(deps): update dependency yup to ^0.30.0
  • 5484745 chore(deps): update dependency @types/node to v14.14.8
  • f074539 chore(deps): update dependency semantic-release to v17.2.3
  • 15fd319 chore(deps): update dependency @types/node to v14.14.7
  • f5b0d02 chore(deps): update dependency ts-jest to v26.4.4
  • 9091266 chore(deps): update dependency jest to v26.6.3
  • 63173f0 chore(deps): update dependency codecov to v3.8.1
  • 5d29b22 chore(deps): update dependency jest to v26.6.2
  • 227d0bb Merge pull request #957 from maticzav/dependabot/npm_and_yarn/examples/basic/object-path-0.11.5
  • fecd62d Merge branch 'master' into dependabot/npm_and_yarn/examples/basic/object-path-0.11.5
  • 2d898b0 Merge pull request #982 from maticzav/deps/bump
  • 65c6388 feat: bump deps
  • 16ff354 chore(deps): bump object-path from 0.11.4 to 0.11.5 in /examples/basic
  • ac464f4 Merge pull request #952 from maticzav/dependabot/npm_and_yarn/npm-user-validate-1.0.1
  • 57457bd chore(deps): bump npm-user-validate from 1.0.0 to 1.0.1
  • 5e03796 chore(deps): update dependency apollo-server to v2.19.0
  • 85d8fd5 chore(deps): update dependency semantic-release to v17.2.2
  • 0c4a8b7 fix(deps): update dependency @types/yup to v0.29.9
  • 576db98 chore(deps): update dependency @types/node to v14.14.6
  • 98ca60b chore(deps): update dependency typescript to v4.0.5
  • 0e16ff2 chore(deps): update dependency @types/node to v14.14.5
  • 7b56408 chore(deps): update dependency graphql to v15.4.0
  • 9f0d5cc chore(deps): update dependency ts-jest to v26.4.3
  • debe4fa chore(deps): update dependency @types/node to v14.14.3
Package name: yup. The new version differs by 116 commits.
  • 31bbfc3 Publish v0.30.0
  • d225b5d chore: fix lockfile
  • f08d507 fix: defined() so it doesn't mark a schema as nullable
  • 57d42a8 fix: uuid's regexp (#1112)
  • 15a0f43 fix: security Fix for Prototype Pollution - huntr.dev (#1088)
  • 040c40d docs: Clarify return value of mixed.test (#1089)
  • e616039 chore(deps): update all non-major dependencies (#1087)
  • 7fd80aa fix: IE11 clone() (#1029)
  • 7459544 chore: bump lodash (#1071)
  • 66bb500 chore(deps): update all non-major dependencies (#1069)
  • 6096064 feat: exposes context on mixed.test function and add originalValue to context (#1021)
  • a56655d chore(deps): update all non-major dependencies (#1058)
  • 0dcfa21 chore(deps): update all non-major dependencies (#1049)
  • 7573a1a chore: upgrades property-expr dependency to 2.0.4 (#1048)
  • a3f94b0 chore(deps): update all non-major dependencies (#1044)
  • ed49b9e chore(deps): update all non-major dependencies (#1037)
  • 02f59ad chore(deps): update dependency eslint-plugin-jest to v24 (#1030)
  • a5f55a4 chore(deps): update all non-major dependencies (#1031)
  • ce83c0b chore(deps): update all non-major dependencies (#1025)
  • 01da7e1 perf: reduce function calls for shallower stacks (#1022)
  • dcae108 feat!: remove sync promise implementation and use callbacks internally (#1019)
  • 70e39ef Update issue templates
  • f8d5189 chore(deps): update all non-major dependencies (#1014)
  • 234b296 chore(deps): update all non-major dependencies (#1011)

Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report | 🛠 Adjust project settings | 📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons: 🦉 Prototype Pollution