reactioncommerce / api-plugin-products

Products plugin for the Reaction API
GNU General Public License v3.0

[Snyk] Upgrade @reactioncommerce/api-utils from 1.14.3 to 1.16.5 #29

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade @reactioncommerce/api-utils from 1.14.3 to 1.16.5.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602 | 265/1000 (Why? CVSS 5.3) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601 | 265/1000 (Why? CVSS 5.3) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600 | 265/1000 (Why? CVSS 5.3) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599 | 265/1000 (Why? CVSS 5.3) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @reactioncommerce/api-utils
from @reactioncommerce/api-utils GitHub release notes
Commit messages
Package name: @reactioncommerce/api-utils
  • 4eaa156 Merge pull request #70 from reactioncommerce/snyk-upgrade-49420cfa43943a896fbd8a399685fe15
  • 9f28f5e Merge pull request #87 from reactioncommerce/revert-84-remove-deprecated-export
  • 3b2f2c4 revert: "(fix) remove deprecated export style"
  • 41c91e4 Merge pull request #82 from reactioncommerce/dependabot/npm_and_yarn/normalize-url-5.3.1
  • aa37c7e Merge pull request #86 from reactioncommerce/dependabot/npm_and_yarn/glob-parent-5.1.2
  • db432ee Merge pull request #85 from reactioncommerce/dependabot/npm_and_yarn/trim-newlines-3.0.1
  • 08d153f chore(deps): Bump glob-parent from 5.1.1 to 5.1.2
  • b3847e0 Merge pull request #84 from zenweasel/remove-deprecated-export
  • bd1241e chore(deps): Bump trim-newlines from 3.0.0 to 3.0.1
  • 7c77a70 fix: remove deprecated export style
  • 1acdbb2 chore(deps): Bump normalize-url from 5.3.0 to 5.3.1
  • 58817a8 Merge pull request #81 from outgrow/outgrow-fix-totalCount-for-aggregates
  • df31453 test: update tests for new group-based totalCount
  • 220c5fc fix: re-implement totalCount with
  • 700bcee Merge pull request #79 from dileepab/trunk
  • d61d487 Merge pull request #78 from reactioncommerce/akarshit-build-for-all
  • 5f0b7af fix: add LKR currency
  • 693d3c9 fix: lint error fix
  • c4b66cd fix: update CurrencyDefinitions.js
  • 03a6aa1 fix: Add Missing LKR Currency
  • e75967d fix: Update CurrencyDefinitions.js
  • 698bd77 Merge pull request #75 from reactioncommerce/dependabot/npm_and_yarn/ws-7.4.6
  • a6e0cf9 Merge pull request #76 from outgrow/trunk
  • 0ac46f1 fix: require env in deploy step

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


rc-publisher commented 3 years ago

:tada: This PR is included in version 1.0.4 :tada:

The release is available on:

Your semantic-release bot :package::rocket: