raindigi / reaction

Reaction is a customizable, real-time reactive, JavaScript commerce platform.
https://reactioncommerce.com/
GNU General Public License v3.0

[Snyk] Security upgrade transliteration from 2.1.2 to 2.2.0 #109

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 758/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3 | Prototype Pollution, SNYK-JS-Y18N-1021887 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: transliteration
The new version differs by 81 commits.
  • c9d7285 bump version
  • 51b06ba Merge branch 'master' of https://github.com/dzcpy/transliteration
  • ec3cbe7 - Fix #229 data issue
  • 5e990ed fix typo in slugify lowercase description
  • 3654e96 chore(deps): update dependency rollup-plugin-babel to v5.0.0-alpha.2
  • 08ce30a fix:
  • 1219955 fix: fix #223
  • 0ed71a5 upgrade dependencies
  • e85eb78 Update dependency @types/yargs to v15.0.3
  • 21bfb58 Update dependency codecov to v3.6.5 [SECURITY]
  • 222d723 Update dependency typescript to v3.8.2
  • c300007 Update dependency rollup to v1.31.0
  • 0a80c1c Update dependency codecov to v3.6.4
  • 22bbf24 Update dependency rollup to v1.30.1
  • 0867f42 Update dependency @types/yargs to v15.0.2
  • 44bdd70 Update dependency rimraf to v3.0.1
  • 04cd64f Update babel monorepo to v7.8.4
  • 66529fc Update dependency codecov to v3.6.2
  • 855fbc3 Update dependency @types/yargs to v15.0.1
  • 9e66344 Update dependency rollup to v1.29.1
  • ccd7ab1 Update package.json
  • 2ef5a30 Update dependency @types/yargs to v15
  • 19484d6 Update dependency typescript to v3.7.5
  • d437bce Update dependency @types/yargs to v13.0.5
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic