search

microsoft / powerbi-visuals-heatmap

powerbi-visuals-heatmap
MIT License
28 stars 27 forks source link

[Snyk] Fix for 1 vulnerabilities #93

Closed uve closed 1 year ago

uve commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **713/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4 | Prototype Pollution
[SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: css-loader The new version differs by 149 commits.
  • 7857d8f chore(release): 4.0.0
  • 5604205 feat: support `file:` protocol
  • 5303db2 chore(deps): update (#1131)
  • 9aa0549 chore(deps): update
  • a54c955 test: imports
  • 5b45d87 test: support in `@ import` at-rule
  • 83515fa refactor: code
  • 1c20b1e fix: parsing
  • 7f49a0a feat: `@ value` supports importing `url()` (#1126)
  • 791fff3 refactor: named export (#1125)
  • 01e8c76 refactor: change function arguments of the `import` option (#1124)
  • c153fe6 refactor: improve schema options (#1123)
  • 58b4b98 test: unresolved (#1122)
  • d2f6bd2 refactor: getLocalIdent function (#1121)
  • 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
  • fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
  • 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
  • 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
  • e1c55e4 refactor: rename the `onlyLocals` option (#1116)
  • ac5f413 refactor: code
  • a5c1b5f test: code coverange (#1114)
  • 908ecee refactor: `esModule` option is `true` by default (#1111)
  • 7cca035 test: coverange (#1112)
  • bc19ddd feat: improve `url()` resolving algorithm
See the full diff
Package name: less-loader The new version differs by 40 commits.
  • 73740a8 chore(release): 6.0.0
  • 4579dfb refactor: code (#349)
  • 1aff534 refactor: code
  • 3931470 feat: `paths` now works with webpack resolver
  • cecf183 test: appendData prependData, when they are string (#345)
  • a1cf249 refactor: moving processResult in index (#344)
  • bffbc5e refactor: import from scoped npm packages (#343)
  • b04cb0d test: import through plugin (#341)
  • 221714b test: import nested (#342)
  • 443bd5a refactor: first resolve filename in less, then in webpack (#340)
  • 82cb6a7 chore(deps): update
  • d7590b5 refactor: deleting a mention about less2 (#337)
  • fb94605 feat: added the `appendData` option (#336)
  • 24021cd fix: import alias without tilde (#335)
  • 4604f20 test: import files hosted remotely (#334)
  • 8e020e9 fix: import files hosted remotely (#333)
  • cfeccd5 chore: drop less@2 (#331)
  • 4f894bc test: fixes (#330)
  • 9df8755 feat: allow data to be prepended via `options.prependData` (#327)
  • ce03da9 docs: add example for `lessOptions` using a function (#326)
  • a6be94a feat: allow a function to be used for `lessOptions` (#325)
  • cdb611f chore: update README with examples, change lessOptions to only allow objects (#324)
  • 6fc1392 chore: remove `pify` in favour of `util.promisify` (#323)
  • fed50ba chore: remove sync check (#322)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/uve/project/01c9d413-2a17-4b4e-bb3c-6ca19a34b2d5?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/uve/project/01c9d413-2a17-4b4e-bb3c-6ca19a34b2d5?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"e913f2d3-c326-4bbf-9857-9b05365ac11b","prPublicId":"e913f2d3-c326-4bbf-9857-9b05365ac11b","dependencies":[{"name":"css-loader","from":"2.1.0","to":"4.0.0"},{"name":"less-loader","from":"4.1.0","to":"6.0.0"}],"packageManager":"npm","projectPublicId":"01c9d413-2a17-4b4e-bb3c-6ca19a34b2d5","projectUrl":"https://app.snyk.io/org/uve/project/01c9d413-2a17-4b4e-bb3c-6ca19a34b2d5?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-JSON5-3182856"],"upgrade":["SNYK-JS-JSON5-3182856"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[713]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/?loc=fix-pr)