Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade rollup-plugin-terser from 5.1.2 to 6.0.0 #826

Closed
wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • yarn.lock

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840
No No Known Exploit
high severity 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@vercel
Copy link

vercel bot commented Aug 24, 2020

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/formium/tsdx/nmgvsl7sk
✅ Preview: https://tsdx-git-snyk-fix-d84668d51c5c1705a4f5d563ffb04ca3.formium.vercel.app

@agilgur5
Copy link
Collaborator

Duplicate of #731

@agilgur5 agilgur5 marked this as a duplicate of #731 Aug 24, 2020
@agilgur5 agilgur5 added the solution: duplicate This issue or pull request already exists label Aug 24, 2020
@agilgur5
Copy link
Collaborator

Snyk has been removed. Closing as duplicate per above.

@agilgur5 agilgur5 closed this Aug 29, 2020
Repository owner locked and limited conversation to collaborators Aug 29, 2020
@agilgur5 agilgur5 deleted the snyk-fix-d84668d51c5c1705a4f5d563ffb04ca3 branch August 31, 2020 15:59
@agilgur5 agilgur5 added the topic: Rollup 2 Related to Rollup 2 upgrade label Sep 28, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
solution: duplicate This issue or pull request already exists topic: Rollup 2 Related to Rollup 2 upgrade
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants