search

mike-goodwin / owasp-threat-dragon

An open source, online threat modelling tool from OWASP
http://mike-goodwin.github.io/owasp-threat-dragon/
Apache License 2.0
481 stars 130 forks source link

[Snyk] Security upgrade owasp-threat-dragon-core from 0.7.1 to 0.8.0 #137

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-JQUERY-174006		 No No Known Exploit
high severity Prototype Pollution
SNYK-JS-LODASH-450202		 No Proof of Concept
Commit messages
Package name: owasp-threat-dragon-core The new version differs by 29 commits.
  • 4e818da update version
  • 5bf0025 Merge pull request #100 from mike-goodwin/update-tests
  • 53524e3 Update occasional failure
  • 029d4d8 Fix failing test
  • 9a21444 Merge pull request #99 from jgadsden/remove-zoom
  • 0ac4c97 removed diagram zoom buttons
  • 01a6102 Merge pull request #98 from jgadsden/enable-save
  • 1f2aad5 Enable Save and Reload buttons
  • 9ae3943 Merge pull request #93 from jgadsden/canvas-size
  • 097fa41 reset paper size on diagram clear
  • d140c97 Merge pull request #86 from jgadsden/element-description
  • fd01fba add description to diagram elements except boundary
  • fd191e2 Merge pull request #83 from andk123/createBoundaryName
  • f7ee7db Reduce function size
  • b9a548f Merge pull request #85 from mike-goodwin/update-deps
  • 0f52829 reverting jointjs back to 2.2.1
  • b934073 update dependencies
  • c9ac6d5 More refactoring
  • c89ca84 Expand test for boundary
  • 4018e04 Add cannot modify threats on boundary + Small fix
  • 42132ed Fix settings not displayed + No name applied by default
  • 2d61a1d Built all files
  • ef23413 Built templates.js
  • 54c042c Refactor code and test added
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

codecov[bot] commented 4 years ago

Codecov Report

Merging #137 into master will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #137   +/-   ##
=======================================
  Coverage   97.93%   97.93%           
=======================================
  Files          25       25           
  Lines         532      532           
  Branches       29       29           
=======================================
  Hits          521      521           
  Misses         11       11

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update fdf6cf3...d1830a5. Read the comment docs.

guardrails[bot] commented 4 years ago

:warning: We detected security issues in this pull request:

Vulnerable Libraries (2) - [constantinople@3.0.2](https://github.com/mike-goodwin/owasp-threat-dragon/blob/d1830a547687d8fec05ce8cc11eacf554cd7c9ab/package.json#Lnull) upgrade to `>=3.1.1` - [minimatch@2.0.10](https://github.com/mike-goodwin/owasp-threat-dragon/blob/d1830a547687d8fec05ce8cc11eacf554cd7c9ab/package.json#Lnull) upgrade to `>=3.0.2` More info on how to fix Vulnerable Libraries in [Javascript](https://www.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

πŸ‘‰ Go to the dashboard for detailed results.

πŸ“₯ Happy? Share your feedback with us.