search

redwerks / mediawiki-extensionservice

A service and API that gathers and exposes metadata about MediaWiki extensions.
https://tools.wmflabs.org/extensionservice/
MIT License
1 stars 1 forks source link

[Snyk] Fix for 2 vulnerabilities #23

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
SNYK-JS-DOTPROP-543489		 Yes Proof of Concept
high severity 776/1000
Why? Recently disclosed, Has a fix available, CVSS 9.8		 Prototype Pollution
SNYK-JS-LODASH-590103		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: express-promise-router The new version differs by 27 commits.
  • 2f765c6 1.1.1
  • 1a9b08b Merge pull request #24 from mormahr/master
  • 10f4bd1 Fix tabs / spaces
  • 3cc4816 1.1.0
  • 7a85b9f Merge pull request #23 from TheThing/master
  • e9c142c Update jshint-stylish
  • 292edd3 Update load-grunt-tasks
  • 61f2c83 Fix coding style
  • 891c757 Update grunt and grunt plugins
  • 97280fc Update chai
  • a34d9c6 Redo removing the .done() call even if it is discouraged to retain behaviour
  • bd02fb8 Updated lodash to 4.x (4.13.x)
  • 80698c3 Updated bluebird to 3.x (3.4.x)
  • 578751a Merge remote-tracking branch 'alex-whitney/master'
  • 1bbc3ff router: Clean, optimise and comment
  • 05006c5 router: Remove redundant unused code
  • 0cd580b Merge pull request #22 from TheThing/master
  • ce5fea4 router: Add support for array of routes
  • 79be673 throw pretty error if handler is not a function
  • e690739 router: Fix unresolved promises in use.params
  • 989e835 package: Add grunt-cli to dev dependancy
  • 7bb5e7d 1.0.0
  • 3cb7975 fix tests
  • 0ac257c Merge pull request #20 from cypherix93/#18
See the full diff
Package name: nodemon The new version differs by 16 commits.
  • ee92ee4 test: split require tests
  • 33ae6da test: fix failing test when required
  • a4490e2 fix: package.json & package-lock.json to reduce vulnerabilities
  • 9bd07eb docs: changed verbose logging and CLI documentation to reflect support single file watch functionality
  • c279760 test: make sigint test to actually check child pid (#1656)
  • cd45d74 test: fix fork test
  • 496c335 chore: undo change to spawn code
  • 47dfb8b fix: pipe stderr correctly
  • ed91703 fix: ubuntu loop waiting for sub processes
  • 9a67f36 feat: update chokidar to v3
  • 6781b40 docs: add license file
  • 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
  • b58cf7d chore: Merge branch 'master'
  • 95a4c09 docs: add to faq
  • 3a2eaf7 choe: merge master
  • 3d90879 chore: add logo to site
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic