search

mendix / hybrid-app-base

This repository contains the core files needed to build a Phonegap package for your Mendix application
9 stars 13 forks source link

[Snyk] Fix for 1 vulnerabilities #102

Open grootjans opened 1 year ago

grootjans commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: style-loader The new version differs by 165 commits.
  • 171a747 chore(release): 1.1.4
  • af1b4a9 chore(deps): update
  • a003f05 docs: add links for the options table (#460)
  • 2756e03 chore(release): 1.1.3
  • 236b243 fix: injection algorithm (#456)
  • 36bd8f1 docs: fix typos (#453)
  • de38c39 chore(release): 1.1.2
  • 91ceaf2 fix: algorithm for importing modules (#449)
  • 1138ed7 fix: checking that the list of modules is an array (#448)
  • aa418dd chore(release): 1.1.1
  • 7ee8b04 fix: add empty default export for `linkTag` value
  • c69ea6c chore(release): 1.1.0
  • c7d6e3a fix: order of imported styles (#443)
  • a283b30 test: more manual test (#442)
  • 3415266 feat: `esModule` option (#441)
  • 907aed8 test: refactor (#440)
  • 28e1628 refactor: code (#438)
  • 5c51b90 refactor: cjs (#437)
  • 609263a test: refactor
  • 7768fce chore(release): 1.0.2
  • dcbfadb fix: support ES module syntax (#435)
  • d515edc chore(deps): update (#434)
  • 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (#432)
  • c6164d5 chore(release): 1.0.1
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/appdev/project/1e73a55e-d610-41bf-be17-b5e9ce39ab2b?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/appdev/project/1e73a55e-d610-41bf-be17-b5e9ce39ab2b?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"151a4e98-e5f3-45fd-8be2-9667f0a91403","prPublicId":"151a4e98-e5f3-45fd-8be2-9667f0a91403","dependencies":[{"name":"babel-loader","from":"8.2.3","to":"8.2.4"},{"name":"style-loader","from":"0.13.2","to":"1.1.4"}],"packageManager":"npm","projectPublicId":"1e73a55e-d610-41bf-be17-b5e9ce39ab2b","projectUrl":"https://app.snyk.io/org/appdev/project/1e73a55e-d610-41bf-be17-b5e9ce39ab2b?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-LOADERUTILS-3043105"],"upgrade":["SNYK-JS-LOADERUTILS-3043105"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[661]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript//?loc=fix-pr)