search

raindigi / reaction

Reaction is a customizable, real-time reactive, JavaScript commerce platform.
https://reactioncommerce.com/
GNU General Public License v3.0
0 stars 0 forks source link

[Snyk] Security upgrade transliteration from 2.1.2 to 2.1.8 #150

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: transliteration The new version differs by 41 commits.
  • cd263d4 minor change
  • 8b02d7c update data
  • f81709a bump version
  • 46d4637 Fix data issues
  • 94f889d Update dependencies
  • 2e69409 Update dependency rollup-plugin-typescript2 to v0.24.2
  • 21b6dd3 Update dependency rollup to v1.21.4
  • b659420 Update dependency ts-node to v8.4.1
  • 1d886a1 Update dependency codecov to v3.6.0
  • 3d6f8d4 Update dependency rollup-plugin-typescript2 to v0.24.1
  • 2cf4db7 Update dependency tslint to v5.20.0
  • c2d1f14 Update dependency rollup to v1.21.2
  • dae431e Bump to 2.1.7
  • 1c9e060 Update dependency rollup to v1.21.0
  • 559bbd2 update dependencies
  • 433e7e2 update dependencies
  • 116948e Update dependency execa to v2.0.4
  • 52b958d Update dependency rollup-plugin-commonjs to v10.1.0
  • 5b62004 Update dependency core-js to v3.2.1
  • d028417 Update dependency @ types/yargs to v13.0.2
  • 39e14d7 Update babel monorepo
  • 6fe8d27 Update dependency rollup-plugin-terser to v5.1.1
  • 1c9ffc1 Update dependency rollup-plugin-uglify to v6.0.3
  • 6a86dd5 Update dependency tslint to v5.19.0
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic