Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #43

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #43

wants to merge 1 commit into from

Conversation

gavinlove
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: babel-loader The new version differs by 13 commits.
  • 321852e Merge branch 'release/6.0.0'
  • e7565ee Add @ malyw 's guide to upgrade babel
  • 862b7b1 Update travis badge url
  • ff3bc7a Update dependencies.
  • fc2bfe4 Merge branch 'shinnn-travis-ci' into develop
  • a6f3fc0 Change options to query. Increase timeout interval
  • 94d6308 Merge remote-tracking branch 'werk85/master' into develop
  • f4e40c5 README updated
  • 0823f6a Upgraded to Babel 6
  • bb110a8 set up Travis CI
  • f84ef50 Merge branch 'develop' of github.com:babel/babel-loader into develop
  • 719eb70 Merge branch 'hotfix/5.3.1' into develop
  • 6b33020 Merge branch 'release/5.3.0' into develop

See the full diff

Package name: karma The new version differs by 250 commits.
  • db41e8e chore: release v2.0.0
  • 0a1a8ef chore: update contributors
  • 1afcb09 chore: add yarn.lock
  • f64e1e0 Merge pull request #2899 from outsideris/fix-bad-url-in-stacktrace
  • 78ad12f refactor(server): move compile step to first run
  • 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
  • b53929a Merge pull request #2712 from macjohnny/patch-1
  • c9e1ca9 feat: better string representation of errors
  • 10fac07 Merge pull request #2885 from karma-runner/prep-2
  • 00e3f88 chore: remove yarn.lock for now
  • 60dfc5c feat: drop core-js and babel where possible
  • 0e1907d test: improve linting and fix test on node 4
  • af0efda test(e2e): update cucumber step definitions
  • c3ccc5d chore(ci): focus on even node versions
  • bf25094 chore(deps): update to latest
  • d93cc5f docs(config): Document port collision scenario.
  • 871d46f feat(launcher): trim whitespace in browser name
  • 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 7bd54ed Merge pull request #2890 from reda-alaoui/patch-1
  • 91e916a docs(config): Document port collision scenario.
  • 334f9fb feat(launcher): trim whitespace in browser name
  • e23c0d4 Merge pull request #2837 from JakeChampion/logs
  • a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 6d353dc docs: improve comments in config.tpl.*

See the full diff

Package name: karma-phantomjs-launcher The new version differs by 28 commits.
  • eb0ca03 chore: release v1.0.4
  • 895fb86 fix: windows pathing
  • 00c3321 chore: release v1.0.3
  • c342607 chore: update contributors
  • db7ebc3 chore: add yarn.lock
  • fe013cd Merge pull request #131 from leightarasenko/master
  • 482eba5 fix: path issue with phantomjs and phantomjs-prebuilt
  • 9c56c0f chore: release v1.0.2
  • 5938221 chore: update contributors
  • fb11f35 Merge pull request #127 from enterit/binary-path-fix
  • faa7474 fix: incorrect phantomjs path calculation
  • f9e2de3 chore: release v1.0.1
  • 33b3421 chore: update contributors
  • 215bf0e Merge pull request #123 from joelmukuthu/master
  • 9ae8ada chore: add phantomjs-prebuilt to dependencies
  • 9b0f5e3 fix(version-reset): set version back to 1.0
  • 1b98e4c chore: release v2.0.0
  • a6da030 chore: update contributors
  • 4dec36d chore(1.0): version bump to 1.0
  • 22622e4 chore: release v1.0.0
  • 45807be chore: update contributors
  • 950292f Merge pull request #99 from shinnn/lodash
  • 9167041 Merge pull request #98 from shinnn/rename
  • 2a03f46 Merge pull request #100 from shinnn/ci

See the full diff

Package name: karma-webpack The new version differs by 55 commits.
  • db43093 chore(release): 2.0.10
  • 5406a4c ci(.travis): update CI config (#302)
  • 2bb71f5 style(src/): fix linting errors (#303)
  • 0a5564d chore(package): update `dependencies`
  • eca88a8 docs(RELEASE): outdated && removed
  • 56e99b0 refactor(index): renamed to `src/index`
  • 31862ff docs(README): standardize
  • 77797a8 build(gulpfile): remove `gulp`
  • 6d28c5c build(.babelrc): use `babel-preset-env`
  • 99ddad8 fix(package): add `webpack >= v4.0.0` (`peerDependencies`) (#301)
  • 94a2d73 build(package): don't generate source maps for release (`build:release`) (#294)
  • 906ed52 fix: correctly escape `{Regex}` in custom file handler (#293)
  • 5fa2409 fix(karma-webpack): correctly coalesce `idx` (`{Number}`) in filepaths (#287)
  • 41d1912 fix: disable `webpack` rebuilds on karma `--single-run`
  • b361ff4 chore(release): 2.0.9
  • be2b0e8 fix: ensure webpack paths include a trailing slash (#285)
  • c781f4e chore: Update changelog for publishing issue
  • 1044b2d chore(release): 2.0.8
  • 60c9616 chore(release): 2.0.7
  • 0616dda fix: use `os.tmpdir()` to safely store `_karma_webpack_` (#279)
  • 68506b4 chore(release): 2.0.6
  • c952bcd fix: work with sourcemaps when mocha is wrapped (#237) (#238)
  • 33d8eaa chore(package): Updates version of webpack-dev-middleware (#269)
  • ec1badf docs(README): update link to latest docs (`webpack.js.org`) (#270)

See the full diff

Package name: wallaby-webpack The new version differs by 86 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
b700243 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gavinlove @snyk-bot