raindigi / reaction

Reaction is a customizable, real-time reactive, JavaScript commerce platform.
https://reactioncommerce.com/
GNU General Public License v3.0

[Snyk] Fix for 5 vulnerabilities #133

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1255640 | Yes | No Known Exploit |
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090599 | Yes | No Known Exploit |
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090600 | Yes | No Known Exploit |
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090601 | Yes | No Known Exploit |
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-VALIDATOR-1090602 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: envalid
The new version differs by 27 commits.
  • 0f8f2a7 6.0.2
  • 83f08e8 Update node versions to test on travis (drop 8.x, add 14.x)
  • 25ee520 Dependency updates
  • 57ddb3b More dependency updates
  • 3862f8d Bump acorn from 7.1.0 to 7.1.1 (#119)
  • 0412fd6 Improve spec types with generics (#118)
  • 9164e4d Change JSON validator type to allow for stricter types (#117)
  • 3413603 6.0.1
  • a55cec8 TS definitions: stricter return type for makeValidator (#114)
  • 5fd76f1 chore: update minimum node version in readme
  • 60bab04 Change spec types to allow ReadonlyArray choices (#112)
  • 7425e66 6.0.0
  • 139e72a Update chalk dep to v3
  • 6c4b0e6 Freshen yarn.lock to fix audit warning and have consistent registry url
  • cf5c7c2 Upgrade dependencies (#108)
  • 4272c0b Remove use of very out-of-date typescript-definition-tester package
  • d0bcfe3 Update stale dependencies, require node >= 8.12
  • 1a6a354 Bump mixin-deep from 1.3.1 to 1.3.2 (#106)
  • 8c150fe Bump eslint-utils from 1.3.1 to 1.4.3 (#107)
  • 50991b0 Allow checking __esModule in strict mode for TypeScript compatibility (#103)
  • ad2f612 Update node versions for travis
  • cdbf685 Update dependencies
  • 1e34b5f 5.0.0
  • b22bd90 Update eslint and exclude typescript example from linting

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
