Closed snyk-bot closed 3 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3
SNYK-JS-PROPERTIESREADER-1048968
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: properties-reader
The new version differs by 49 commits.- a79ef3b 2.2.0
- 45cd522 Merge pull request #41 from steveukx/feature/tests-update
- 4e4bc39 Allow for relying on Object prototype in steps of the expanded properties
- 0877cc8 Test case covering the use of `__proto__` as a section name
- 79637cb Merge pull request #39 from steveukx/feature/tests-update
- a250c95 Tests updated to use jest
- 9dc55e5 Merge remote-tracking branch 'origin/master'
- dd9d028 Add no-response bot
- de58ae1 Update .travis.yml
- 650c17f 2.1.1
- 3544155 Merge branch 'master' of github.com:steveukx/properties
- 60442e2 2.1.0
- f8a665d Set min node=10
- 567fbc1 Merge branch 'writer-options'
- 7f71978 Update readme
- f925b73 Writer options - allows saving without sections
- 9812ef2 Merge pull request #35 from steveukx/dependabot/npm_and_yarn/lodash-4.17.19
- cb3d0a6 Bump lodash from 4.17.14 to 4.17.19
- 84bedfa Update README.md
- 8eb6caa 2.0.0
- 6b176a5 Fix error in reading in multiple items without section blocks
- 2e98a52 Allow for configuring a propertiesAppender to handle whether to collapse duplicate sections into the first one or not
- 96ba64f 1.0.0
- 9c35dd9 Merge branch 'pr/27'
See the full diffPackage name: zotero-plugin
The new version differs by 110 commits.- eac8d66 1.0.15
- ec8712e ncu
- ba22359 1.0.14
- 9e36d47 ncu
- 7225e40 1.0.13
- d1d8793 octokit v17 seems to be pretty schizo
- a336a7a 1.0.12
- b60adfe the new API is a bit bonkers
- 4d77897 1.0.11
- 7aafb54 ncu
- a8dffed 1.0.10
- 5d244b8 octokit updates
- 97c6599 1.0.9
- 0ef4550 dpl v2
- aa0a656 1.0.8
- 7e31f5e another superfluous bin
- 51ed172 1.0.7
- 9e8e57a remove obsolete bin
- 7163ee9 1.0.6
- c03de35 explicit publish
- 9a23696 1.0.5
- 7e5e834 travis is getting weirder by the minute
- fb2f82b 1.0.4
- e0a1e6b 1.0.3
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic