mskg / tabler-world-mobile

TABLER.APP for Round Table International TABLER.WORLD
https://rtionlinevision.com
GNU Affero General Public License v3.0

[Snyk] Upgrade date-and-time from 0.12.0 to 0.14.2 #186

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade date-and-time from 0.12.0 to 0.14.2.

Merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-DATEANDTIME-1054430 | 479/1000 (Why? Has a fix available, CVSS 5.3) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: date-and-time from date-and-time GitHub release notes
Commit messages
Package name: date-and-time
  • b5378fb Updated config.yml
  • a0a838d Updated config.yml
  • f7a78ff Updated config.yml
  • 6dab608 Updated README.md
  • 0bda3b4 Bump version
  • 9e4b501 Fixed regular expression denial of service (ReDoS) vulnerability
  • 73103a3 Merge branch 'dependabot/npm_and_yarn/bl-4.0.3' into master
  • 93bf9da Bump bl from 4.0.2 to 4.0.3
  • 5597efa Merge branch 'develop' into master
  • c158464 Updated README.md
  • 1748bc2 Bump version
  • 9f7941c #41 Fixed a bug characters inside square brackets are not validated
  • 6f726d9 Merge branch 'develop'
  • a46f69a Updated README.md
  • c75f35f Updated PLUGINS.md
  • 800f69a Updated LOCALE.md
  • 5235ebb Bump version
  • 6a8c42b Changed methods of importing of locales and plugins.
  • 0109c42 Merge branch 'dependabot/npm_and_yarn/lodash-4.17.19' into develop
  • ad8d3f8 Bump lodash from 4.17.15 to 4.17.19
  • a5f31dc Bump version
  • eb6146e Fixed a security vulnerability
  • a3167d3 Merge branch 'develop'
  • 1a21e87 Merge pull request #37 from knowledgecode/dependabot/npm_and_yarn/acorn-7.1.1

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
