punchcard-cms / punchcard

The Punchcard CMS
Apache License 2.0

[Snyk] Security upgrade config from 1.31.0 to 3.3.1 #720

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 713/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4 | Prototype Pollution (SNYK-JS-JSON5-3182856) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: config

The new version differs by 83 commits.
  • c86ba2a Resolved security vulnerability in json5
  • dfcd2de Delete _config.yml
  • 0ba1d51 Set theme jekyll-theme-minimal
  • 080d9f9 Prepare for 3.3.0 publish
  • 945aed3 Merge pull request #582 from fostyfost/master
  • c42e3fa Allow all defined values in `substituteDeep`
  • 9fa7022 Updated copyright dates
  • d3616e6 Updated copyright dates
  • 21d3094 Prepare for 3.2.5 publish
  • 3268b40 Merge pull request #585 from dekelev/master
  • dbcddbb Fixed issue with getCustomEnvVars method and multiple config dirs
  • 58f8f89 Merge pull request #581 from JMackie80/master
  • 9ba0aa0 Update README.md
  • 1c59823 Update for 3.2.4 publish
  • e8539b7 Merge pull request #579 from leonardovillela/master
  • c8d815c Improved error handling of env variables value parse
  • 7292a77 For 3.2.3 publish
  • e334cfa Improve diagnostic when custom env file can't be read.
  • 2565a3f Updates for 3.2.2 publish
  • 05fa30c Merge pull request #568 from iMoses/master
  • c38a447 Fix #567 - Missing path.delimiter breaks windows absolute paths
  • 9b73f6a Prep for 3.2.1 publish
  • ced8854 Merge pull request #565 from leosuncin/fix/lorenwest-node-config-564
  • df30f74 test: Update util.js to check object with `__proto__ = null` and Map objects

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
