mike-goodwin / owasp-threat-dragon-core

OWASP Threat Dragon core files
Apache License 2.0

[Snyk] Security upgrade jointjs from 2.2.1 to 3.4.2 #129

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 673/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6 | Prototype Pollution (SNYK-JS-JOINTJS-1579578) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jointjs

The new version differs by 250 commits.
  • f42a9bf Release v3.4.2 (#1515)
  • e5bf89e util.setByPath() - prevent prototype pollution (#1514)
  • 32660d1 dia.CellView: update typings for ES6 class extension (#1512)
  • 3bbc440 dia.Cell: fix toJSON() when defaults() is defined as a method (#1513)
  • 322963b tutorials: add custom attributes tutorial (#1507)
  • b14d173 Vectorizer: fix multi-line text line heights when 100% of the line is annotated
  • 4244d7a Update package-lock.json (#1510)
  • 16c6ec8 Release v3.4.1 (#1505)
  • 1c704bd dia.attributes: support calc() in transform attribute (#1509)
  • 0461ff6 dia.CellView: use util.result for presentationAttributes and initFlag (#1506)
  • 19244ca build(deps): bump urijs from 1.19.1 to 1.19.7 (#1504)
  • 3deff52 utils: fix namespaceURI in MarkupNodeJSON TS def (#1503)
  • 7d88204 Create SECURITY.md (#1501)
  • 889f1d2 dia.attributes: fix displayEmpty docs (#1499)
  • 3adb394 dia.ElementView: prevent unnecessary reparenting after invalid unembedding (#1498)
  • addcb65 dia.HighlighterView: fix options TS def (#1497)
  • 032e16c dia.HighlighterView: fix typo in docs (#1496)
  • 5d99ff1 Fix Travis CI
  • c37a402 dia.LinkView: add sourceAnchor and targetAnchor typescript definition (#1495)
  • caa5a6d Release v3.4.0 (#1483)
  • b05289f routers.Manhattan: add isPointObstacle option (#1493)
  • 2ff5749 dia.Paper: validateUnemedding() option reverts z-indices and child positions (#1492)
  • ed4ac55 dia.attributes: use calc() in various SVG attributes (#1491)
  • 15a6429 dia.Paper: add routerNamespace and connectorNamespace options, document missing namespace options (#1490)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
