rkazakov / postxml-amp

Postxml plugin to convert plain HTML to Google AMP (Accelerated Mobile Pages)
MIT License

[Snyk] Security upgrade snyk from 1.120.1 to 1.124.1 #32

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 561/1000 (Why? Recently disclosed, CVSS 9.8) | Prototype Pollution, SNYK-JS-LODASH-590103 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk
The new version differs by 33 commits.
  • 1819ace Merge pull request #356 from snyk/fix/bump-nodejs-lockfile-parser-vulnerable-deps
  • c311382 fix: bump nodejs-lockfile-parser to update vulnerable deps
  • 0006647 Merge pull request #353 from snyk/feat/remove-semver-use-for-os-packages
  • a38167c feat: move fixed in calculation for os packages to phoenix
  • f229c28 Merge pull request #349 from snyk/feat/remove-semver-use
  • 97a2d63 feat: remove semver for binaries and use nearestFixedInVersion instead
  • 5160c55 Merge pull request #346 from snyk/lirantal-composer-lockfile-help
  • f66d1b9 fix(docs): add missing composer.lock file
  • e98739a Merge pull request #318 from snyk/refactor/commands-test
  • 2080fa0 refactor: test command rewritten to TS
  • 7a4a915 Merge pull request #342 from snyk/chore/remove-build-from-toc
  • 6d2feb0 chore: remove build from TOC
  • 6b07600 Merge pull request #337 from snyk/fix/php-plugin-bump
  • 319cf35 fix: bump php plugin to better support file paths
  • f773c77 Merge pull request #338 from snyk/fix/bump-docker-plugin
  • b4ba234 Merge pull request #341 from snyk/test/revert-a-fixture-change
  • bbfd700 test: remove a fixture change done in https://github.com/snyk/snyk/pull/340
  • 3667dcd fix: bump docker plugin
  • 567e3b3 Merge pull request #340 from snyk/fix/pin-deps-to-unbreak-node-4
  • c7966f8 test: pin `get-uri` to 2.0.2 in a fixture
  • 8bfae15 fix: pin proxy-agent & get-uri deps to not-break node 4
  • a8c561d Merge pull request #327 from snyk/fix/undefined-base-image
  • 962810a fix: Undefined base image
  • bc82842 Merge pull request #325 from snyk/chore/run-travis-on-node-10

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
