resamsel / translatr

I18n Translation Management
https://translatr.repanzar.com
GNU General Public License v3.0

[Snyk] Security upgrade codemirror from 5.46.0 to 5.54.0 #205

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| low severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-CODEMIRROR-569611 | No | No Known Exploit |

Commit messages
Package name: codemirror
The new version differs by 239 commits.
  • a5497d1 Mark version 5.54.0
  • 4377c08 [gfm mode] add fencedCodeBlockDefaultMode option
  • e56014c [soy mode] Fix bug with "map" in type name
  • 8facd90 [vim] Allow Ex-Commands with non-word names
  • 25e7a32 [match-highlighter] Fix issue in highlighting non-alphanumeric tokens
  • b6ac63e Proper escaping of \s
  • 890cb6b [javascript mode] Fix a runaway regexp
  • 0884405 [runmode addon] Add support for lookahead
  • a810aee [mode/meta] Remove unwanted space in TiddlyWiki mode name
  • 8e260c2 [dart mode] Add `late` and `required` keywords, `Null` and `Never` types
  • 0de283c [tcl mode] Add # as a lineComment
  • 2e841f6 Add a sponsors section to the website
  • 632f30b Increase size of scrollbar-hack gap
  • a9774d9 [javascript operator] Properly implement optional chaining operator
  • b6a75e5 [matchbrackets addon] Disable highlighting when the editor isn't focused
  • c41dec1 Also ignore clipboard events inside widgets in contenteditable input mode
  • dfa4bda [runmode standalone] Add support for globalThis
  • 6890f98 Don't mess with the selection when refocusing a text field
  • a67ed9a [javascript mode] Allow class fields in non-TS mode
  • 46f2723 [javascript mode] Add support for private properties
  • 0b64369 Disable scroll workaround in start-drag handler for Safari
  • ad54953 [vim bindings] Remove a duplicate entry in defaultExCommandMap
  • e8c0a77 Disable scroll-on-focus in drag focus kludge
  • 64e4504 [python mode] Somewhat improve handling of format specs in format strings
With a Snyk patch:
| Severity | Issue | Exploit Maturity |
|---|---|---|
| medium severity | Prototype Pollution SNYK-JS-LODASH-567746 | Proof of Concept |

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

coveralls commented 4 years ago

Coverage remained the same at 58.244% when pulling 9a735be49e47ceb2cc7628ae25956b8413420fac on snyk-fix-28eece9743e612272f614561e2d1c1de into b63af592316285bbedfec2122f3cbf5a1c6fec6a on master.