secanis / stjorna

STJÓRNA was created to make product management easy, with the possibility to access the categories and products over a simple read-only REST API.
https://stjorna.secanis.ch
MIT License

[Snyk] Security upgrade excel4node from 1.7.2 to 1.8.0 #99

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS), SNYK-JS-JSZIP-1251497 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: excel4node
The new version differs by 49 commits.
  • e3596be Add v1.8.0 to changelog
  • ee31038 Merge pull request #24 from advisr-io/upgrade-xmldom
  • b111cbc Merge remote-tracking branch 'origin/master' into upgrade-xmldom
  • da8e38e Updating package-lock with reverted package name and increased node version
  • 9003c32 Updating xmldom to point to new artifact @ xmldom/xmldom
  • d562d7a Reverting package name and setting minimum node version to 14
  • 7b06164 Merge pull request #7 from advisr-io/dependency-updates
  • 852fd8f Merge remote-tracking branch 'origin/master' into dependency-updates
  • 4fdf180 Merge pull request #21 from advisr-io/picture-rid-undefined-fix
  • a6de9cb Merge branch 'master' into picture-rid-undefined-fix
  • 38cc994 Merge pull request #22 from advisr-io/add-test-github-action
  • 81048ea Adding github action to build and test branches and PRs
  • 4b46ccd Updating npm prepublish to prepublishOnly
  • ff0182b Checking in package-lock.json to enforce dependency version
  • f2177a2 Fixing issue with a picture rId being undefined
  • acc547a Upgrade mime to 3.0.0
  • f727cdf Upgrade jszip to 3.10.0
  • 2371762 Upgrading deepmerge to 4.2.2
  • d1b0fa8 Upgrade image-size to 1.0.2
  • 494fb90 Merge pull request #8 from advisr-io/convert-changelog-to-markdown
  • a9c09b2 Update dependabot.yml
  • 277240a Updating xmlbuilder to 15.1.1
  • 2a8c2a8 Upgrading uuid to 8.3.2
  • be69b4e Adding github action to build and test branches and PRs

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
