scrapd / scrapdviz

Visualize Austin traffic fatalities from another angle
https://viz.scrapd.org
MIT License

[Snyk] Security upgrade lighthouse from 6.2.0 to 7.0.0 #217

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Prototype Pollution, SNYK-JS-Y18N-1021887 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lighthouse

The new version differs by 248 commits.
  • 96eda60 v7.0.0 (#11839)
  • 2e3cd5c core(full-page-screenshot): handle ShadowRoots (#11852)
  • 966a206 report: fix element screenshot position, lifecycle, styles
  • 91092fc core(network): do not consider cross frame requests critical (#11851)
  • 7978f63 core(config): special case full-page-screenshot audit in filtering (#11829)
  • 9dbb0a5 tests(smoke): restore dbw_tester exception assertions (#11836)
  • a6738e0 core(emulation): refactor emulation settings & CLI flags (#11779)
  • ea5afa4 core(config): only allow lighthouse:default extension (#11835)
  • a30953c core(a11y): upgrade axe-core to 4.1.1, update a11y audits (#11661)
  • 6e0158d core(script-treemap-data): fix sourceRoot & missing coverage bugs (#11825)
  • ced75b5 misc: add log files to GCP run results (#11833)
  • f4904da core(uses-http2): remove mention of push (#11834)
  • ad97b21 tests: use font-size for non-composited animations in smoke tests (#11808)
  • 852e79a core(pwa): remove works-offline and offline-start-url audits (#11806)
  • 3d90a59 core(installable-manifest): use devtools InstallabilityErrors (#11745)
  • c6d1398 report(pwa): move service-worker to the pwa-optimized group (#11798)
  • 0f418a8 deps: update yargs to latest (#11794)
  • a589db5 deps: update old transitive deps (#11811)
  • 5fc0fce core(artifacts): merge ConsoleMessages and RuntimeExceptions artifacts (#11663)
  • 70106be core: support local plugins from global Lighthouse (#11696)
  • 5b4b47c misc: temporarily allow css in redirectPass (#11813)
  • 7915708 core(lantern): allow non-XHRs to depend on CPU Nodes (#11767)
  • 2aa9845 core(without-javascript): remove audit (#11711)
  • 6ad47fa tests: fix CI condition in download-devtools.sh (#11809 followup)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
