Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 2.6
SNYK-JS-FOLLOWREDIRECTS-2396346
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: contentful
The new version differs by 34 commits.- 38b2f8a build(deps): bump axios from 0.19.2 to 0.20.0 (#425)
- 6a39c1e Merge pull request #426 from contentful/dependabot/npm_and_yarn/json-10.0.0
- aee9ee6 build(deps-dev): bump json from 9.0.6 to 10.0.0
- 8361939 fix(perf): improve performance of resolving huge data sets (#420)
- fa0d353 fix(security): remove http links from readme (#414)
- 442062e build(deps-dev): bump eslint from 6.8.0 to 7.2.0
- 913693c build(deps): bump contentful-sdk-core from 6.4.0 to 6.4.5 (#404)
- 4d58cd1 fix(typings):add 'embedded-entry-inline' to RichTextNodeType (#402)
- 916d082 fix(chore): SYS type declaration (#398)
- 08810d1 build(deps-dev): bump karma from 4.4.1 to 5.0.1
- 06a2783 fix(types) add revision and space to Sys interface (#368)
- 829b170 fix(build): Add semantic-release plugins (#391)
- 9fc78e5 fix(build): legacy bundle not IE11 conform (#390)
- afa47a9 build(deps-dev): bump mkdirp from 0.5.3 to 1.0.3 (#378)
- 772a456 build(deps-dev): bump karma-sauce-launcher from 2.0.2 to 4.1.2 (#388)
- 3bcf073 build(deps-dev): bump nodemon from 1.19.4 to 2.0.2
- d71f3c2 build(deps-dev): bump sinon from 7.5.0 to 9.0.1
- 12ae6e4 build(deps-dev): bump husky from 3.1.0 to 4.2.3
- 6f8691f build(deps-dev): bump semantic-release from 15.14.0 to 17.0.4
- 17dbf52 build(deps-dev): bump eslint-plugin-node from 10.0.0 to 11.1.0
- b3c9592 chore(config): Add dependabot config and update semantic-release settings (#389)
- 530e999 Merge pull request #373 from contentful/feat/add-sync-limit
- 10dfe9e feat: Allow limit in sync API
- d45470e chore(config): Change node support number from 12 to LTS (#367)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic