This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade ramda from 0.26.1 to 0.29.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version.
- The recommended version was released **4 months ago**, on 2023-10-05.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-RAMDA-1582370](https://snyk.io/vuln/SNYK-JS-RAMDA-1582370) | **490/1000** **Why?** Has a fix available, CVSS 5.3 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: ramda
The addition of R.then in Ramda 0.26 made the R object
a Promise-like object, and meant that Promise.resolve() will attempt
to resolve it by calling the then() method. R is not a Promise, and
to reassure JavaScript of this fact, R.then is renamed to R.andThen.
</li>
</ul>
from <a href="https://snyk.io/redirect/github/ramda/ramda/releases">ramda GitHub release notes</a>
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade ramda from 0.26.1 to 0.29.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **4 months ago**, on 2023-10-05. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-RAMDA-1582370](https://snyk.io/vuln/SNYK-JS-RAMDA-1582370) | **490/1000**
**Why?** Has a fix available, CVSS 5.3 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: ramda
Upgrade guide: #3415
π addIndexRight
π isNotNil
π swap
π dropRepeatsBy
Removed
Deprecated
Changes
Thank you to everyone who contributed to this release!
Update dependencies
The addition of R.then in Ramda 0.26 made the R object
a Promise-like object, and meant that Promise.resolve() will attempt
to resolve it by calling the then() method. R is not a Promise, and
to reassure JavaScript of this fact, R.then is renamed to R.andThen.
Commit messages
Package name: ramda
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
π§ View latest project report
π Adjust upgrade PR settings
π Ignore this dependency or unsubscribe from future upgrade PRs