Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 6.5
SNYK-JS-SHARP-2848109
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SIMPLSCHEMA-1016157
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @reactioncommerce/api-plugin-settings
The new version differs by 22 commits.- a9ece33 Merge pull request #15 from reactioncommerce/snyk-upgrade-3d17ab71e812b00006c4682ce0f10e6d
- ede9480 Merge pull request #18 from reactioncommerce/dependabot/npm_and_yarn/glob-parent-5.1.2
- 95a3305 chore(deps): Bump glob-parent from 5.1.1 to 5.1.2
- 1b38912 Merge pull request #17 from reactioncommerce/dependabot/npm_and_yarn/normalize-url-5.3.1
- f5b5fe1 chore(deps): Bump normalize-url from 5.3.0 to 5.3.1
- df33e45 Merge pull request #16 from reactioncommerce/dependabot/npm_and_yarn/browserslist-4.16.6
- f3b31d2 chore(deps): Bump browserslist from 4.14.7 to 4.16.6
- 85dc267 fix: upgrade simpl-schema from 1.10.2 to 1.12.0
- fe992ec Merge pull request #12 from reactioncommerce/dependabot/npm_and_yarn/handlebars-4.7.7
- 83e2344 Merge pull request #13 from reactioncommerce/dependabot/npm_and_yarn/hosted-git-info-2.8.9
- cdcf907 Merge pull request #14 from reactioncommerce/dependabot/npm_and_yarn/simpl-schema-1.10.2
- 2fb1d93 chore(deps): Bump simpl-schema from 1.7.3 to 1.10.2
- dcb835c chore(deps): Bump hosted-git-info from 2.8.8 to 2.8.9
- 4e0ce0c chore(deps): Bump handlebars from 4.7.6 to 4.7.7
- e471ffe Merge pull request #11 from reactioncommerce/dependabot/npm_and_yarn/ini-1.3.8
- b54f860 chore(deps): Bump ini from 1.3.5 to 1.3.8
- e6140a2 Merge pull request #10 from reactioncommerce/clean-up-package-lock
- f14e4da chore: fresh package-lock with proper public npm registry
- 3402e9d Merge pull request #8 from reactioncommerce/dependabot/npm_and_yarn/npm-6.14.8
- d290463 chore(deps): Bump npm from 6.14.5 to 6.14.8
- 4c1609e Merge pull request #7 from reactioncommerce/dependabot/npm_and_yarn/node-fetch-2.6.1
- 6385a32 chore(deps): Bump node-fetch from 2.6.0 to 2.6.1
See the full diffPackage name: sharp
The new version differs by 120 commits.- db654de Release v0.30.5
- a6aeef6 Install: pass `PKG_CONFIG_PATH` via env rather than substitution
- 7bf6cbd Docs: correct links to libvips documentation
- 04c31b3 Install: warn about filesystem owner running npm v8+ as root
- ee9cdb6 Bump deps
- 8960eb8 Docs: changelog entry for #3218
- 54d9dc4 Fix rotate-then-extract for EXIF orientation 2 (#3218)
- 51b4a7c Add support for --libc flag to improve cross-platform install (#3160)
- 5b03579 Docs: more details about concurrency, parallelism, threads
- 58c2af3 Docs: improve output format info for toBuffer
- ee948ac Docs: changelog and credit for #3196
- 66a3ce5 Allow installation of prebuilt libvips binary from filesystem (#3196)
- 75e5afc Docs: fix typo in gif example (#3201)
- d396a4e Release v0.30.4
- ae1dbcd Bump deps
- 4c29368 Docs: EXIF metadata unsupported for TIFF output #3074
- 36e5596 Docs: mention npm's foreground-scripts option to aid debugging
- 985e881 Bump deps
- 0b11671 Docs: changelog for #3178
- 9deac83 Add missing file name to 'Input file is missing' error message (#3178)
- 5d36f5f Improve error message for SVG render above limit #3167
- 926572b Control sensitivity to invalid images via failOn
- d0c8e95 Docs: expand info about use with worker threads
- b0ca23c Docs: changelog and credit for #3146
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.