kroleg
commented
2 years ago Closing this one as change (hardcoding version in example project) doesn't make sense.
Closed snyk-bot closed 2 years ago
kroleg
commented
2 years ago Closing this one as change (hardcoding version in example project) doesn't make sense.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 9.8
SNYK-JS-NODEFORGE-598677
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: node-my-info-sg
The new version differs by 12 commits.- 47180f1 chore: version bump
- d9d352b chore(node-jose): upgrade node-jose to 2.0.0
- 6138675 fix: Fix tests
- 55e54c1 fix: Add error logging
- 17ea861 fix: Update public certificate
- 61acca4 1.1.1
- 9257849 feat: Add parameter to override redirectUrl
- d3e9f15 Merge pull request #5 from stashaway-engineering/dependabot/npm_and_yarn/eslint-utils-1.4.2
- 609a68c Merge pull request #3 from stashaway-engineering/dependabot/npm_and_yarn/example/lodash-4.17.15
- 2d3ffb9 build(deps): Bump eslint-utils from 1.3.1 to 1.4.2
- 0cac1a3 build(deps): Bump lodash from 4.17.11 to 4.17.15 in /example
- e88a485 feat: Update readme
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic