Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade jimp from 0.6.8 to 0.9.0 #235

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
No Proof of Concept
Commit messages
Package name: jimp The new version differs by 26 commits.
  • 0591e73 Bump version to: 0.9.0 [skip ci]
  • b1e3649 Update CHANGELOG.md [skip ci]
  • f5d5167 Revert exports to match 0.6.4 TS definitions (#820)
  • 60b635d Bump version to: 0.8.5 [skip ci]
  • 7aa3c2a Update CHANGELOG.md [skip ci]
  • 0356849 Image dimensions during exif rotation have been corrected (#791)
  • 29679fa Upgrade nearly-all dev deps (#799)
  • 3b58221 Added back mention of required tsconfig options (#800)
  • ee5a809 Bump version to: 0.8.4 [skip ci]
  • e44272c Update CHANGELOG.md [skip ci]
  • 8fdc360 TS 3.1 fixed (#798)
  • 42e184c Bump version to: 0.8.3 [skip ci]
  • dc22fab Update CHANGELOG.md [skip ci]
  • e4bb762 Fix issues with typings using classes, publish @core typings, and fix 3.1 typings (#792)
  • c4575b6 Bump version to: 0.8.2 [skip ci]
  • 76294fb Update CHANGELOG.md [skip ci]
  • 25a2ed7 must ship types (#794)
  • 4242e41 Bump version to: 0.8.1 [skip ci]
  • 5d3ac2d Update CHANGELOG.md [skip ci]
  • 6c8b9de Fix 0.8 typings, add type tests (#786)
  • 11f2dcb Bump version to: 0.8.0 [skip ci]
  • 4238e4a Update CHANGELOG.md [skip ci]
  • c1a59d6 Made typings plugin friendly & add typings for every package (#770)
  • cd5ff6a Bump version to: 0.7.0 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant