search

newrelic / nr1-learn-nrql

NR1 learn NRQL helps New Relic Customers quickly learn our custom query language - NRQL
Apache License 2.0
20 stars 15 forks source link

[Snyk] Security upgrade i18next from 19.8.2 to 19.8.5 #25

Closed jthurman42 closed 3 years ago

jthurman42 commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-I18NEXT-1065979		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: i18next The new version differs by 19 commits.
  • aeab3ca 19.8.5
  • f58c423 new version
  • 932f5f6 fix potential prototype pollution when backend plugin resolves a malicious language value
  • 2dc8267 Merge pull request #1533 from pravi/update-rollup-plugin-babel
  • dae2b32 chore: update build dependency (use @ rollup/plugin-babel)
  • 4f9ef14 Merge pull request #1532 from pravi/update-node-resolve-plugin
  • a90fb69 chore: update rollup and plugins
  • ad88092 use fallbackLng as default lng
  • ba564b3 19.8.4
  • 1816290 prepare new release
  • 1ed5a71 Updated FormatFunction signature to match codebase (#1520)
  • 2516e89 Update config.yml
  • 94dd384 Update config.yml
  • 877e250 commit build result
  • fa98508 Merge pull request #1518 from KristjanESPERANTO/patch-1
  • 749519e Update URLs
  • 03ef4ed 19.8.3
  • ed6169f fix prototype pollution with constructor
  • 5d808cd updated @ babel/runtime to ^7.12.0, runtime file extensions issue resolved (#1513)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

nr-opensource-bot commented 3 years ago

:tada: This PR is included in version 1.3.2 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: