Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
SNYK-JS-FOLLOWREDIRECTS-2332181
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4
SNYK-JS-NANOID-2332193
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: contentful
The new version differs by 34 commits.- 38b2f8a build(deps): bump axios from 0.19.2 to 0.20.0 (#425)
- 6a39c1e Merge pull request #426 from contentful/dependabot/npm_and_yarn/json-10.0.0
- aee9ee6 build(deps-dev): bump json from 9.0.6 to 10.0.0
- 8361939 fix(perf): improve performance of resolving huge data sets (#420)
- fa0d353 fix(security): remove http links from readme (#414)
- 442062e build(deps-dev): bump eslint from 6.8.0 to 7.2.0
- 913693c build(deps): bump contentful-sdk-core from 6.4.0 to 6.4.5 (#404)
- 4d58cd1 fix(typings):add 'embedded-entry-inline' to RichTextNodeType (#402)
- 916d082 fix(chore): SYS type declaration (#398)
- 08810d1 build(deps-dev): bump karma from 4.4.1 to 5.0.1
- 06a2783 fix(types) add revision and space to Sys interface (#368)
- 829b170 fix(build): Add semantic-release plugins (#391)
- 9fc78e5 fix(build): legacy bundle not IE11 conform (#390)
- afa47a9 build(deps-dev): bump mkdirp from 0.5.3 to 1.0.3 (#378)
- 772a456 build(deps-dev): bump karma-sauce-launcher from 2.0.2 to 4.1.2 (#388)
- 3bcf073 build(deps-dev): bump nodemon from 1.19.4 to 2.0.2
- d71f3c2 build(deps-dev): bump sinon from 7.5.0 to 9.0.1
- 12ae6e4 build(deps-dev): bump husky from 3.1.0 to 4.2.3
- 6f8691f build(deps-dev): bump semantic-release from 15.14.0 to 17.0.4
- 17dbf52 build(deps-dev): bump eslint-plugin-node from 10.0.0 to 11.1.0
- b3c9592 chore(config): Add dependabot config and update semantic-release settings (#389)
- 530e999 Merge pull request #373 from contentful/feat/add-sync-limit
- 10dfe9e feat: Allow limit in sync API
- d45470e chore(config): Change node support number from 12 to LTS (#367)
See the full diffPackage name: next
The new version differs by 250 commits.- e6e4a15 v8.0.4
- 25deefb Avoid "ad" anywhere in the buildId (#6854)
- 742f29f buildId is not an ad (#6851)
- e25312b Make sure error isn't swallowed for production test on CircleCi (#6848)
- 14eef58 Re-add chromedriver retrying from previous webdriver setup (#6846)
- 8cd7bd1 Fix wrong anchors and add missing link (#6845)
- 3a7caa6 v8.0.4-canary.31
- c864ab9 Added useBuiltIns to babel object-rest-spread (#6805)
- 41da136 v8.0.4-canary.30
- f6786b4 v8.0.4-canary.29
- 99023b9 v8.0.4-canary.28
- 71680fb Fix typo in workflow (#6838)
- e48610e v8.0.4-canary.27
- f6439ae Add workflow to generate stats for release (#6836)
- 6bb8327 Exclude transform-typeof-symbol (#6812)
- f81e5f4 Added babel-plugin-dynamic-import-node (#6811)
- 26a4eb8 Add dropping of custom scripts in AMP mode (#6830)
- b6b0db1 Update env variables for CircleCi (#6834)
- 8b5906c Add error catching to firefox url query workaround (#6833)
- 533018f Update tests for BrowserStack (#6810)
- 9c2f690 Fix typo by replacing `compatability` with `compatibility` (#6831)
- a750d1c NODE_ENV is set to undefined before running a test command (#6823)
- 2f325e0 Add example with astroturf (Zero runtime CSS-in-JS) (#6821)
- 51b1541 The custom build test now runs in production mode (#6818)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic