[Snyk] Security upgrade next from 9.3.4 to 10.2.0 - Githubissues

leighs-hammer / shopify-app-boilerplate-nextjs-redux-nosql

serverless shopify app boilerplate using react typescript redux polaris mongoDB

https://shopify-app-boilerplate-v2.now.sh

31 stars 3 forks source link

[Snyk] Security upgrade next from 9.3.4 to 10.2.0 #28

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	No Known Exploit
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 250 commits.

6b97bce v10.2.0
0abbb75 v10.1.4-canary.18
b26077b Upgrade postcss (#24546)
53c19ff Test fixes for Babel mode (#24312)
f3d5183 Remove experimental note for has routes (#24529)
5de5e49 feat: bump styled-components lib version examples (#24482)
0f2bd4f v10.1.4-canary.17
efa58ef Ensure stalled CSS triggers fallback navigation (#24488)
fff183c Font optimization bug fix (#24162)
fc53879 Fix: Object Destructuring Error (#24397)
cac9ccf Ensure proxy rewrite does not hang on error (#24394)
cf4ba8d Upgrade eslint to the latest version (#24377)
08ee60d [next] update initial config message (#23165)
a6ba432 Now -> Vercel in api-routes-rest (#24431)
29402f3 Replace experimental `reactMode` with `reactRoot` (#24280)
2743a74 v10.1.4-canary.16
a9d2f2f Update 3.feature_request.yml
f904615 Update 2.example_bug_report.yml
4aa0ba7 Update 1.bug_report.yml
40216be Workaround for discrete passive effects change (#24369)
079c629 experimental: remove legacy plugin system (#20759)
cce82cd Fix side effects in router-is-ready tests (#24360)
1e9f459 v10.1.4-canary.15
6cd1c87 Fix not exposing server errors in hot reloader (#24331)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

vercel[bot] commented 3 years ago

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/leighbarnes/shopify-app-boilerplate-v2/3n5Lp2WFfFyUA2WXrgCfC6cCpXvy
✅ Preview: Failed