profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/snyk-bot/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Snyk bot snyk-bot @Snyk https://snyk.io Snyk's bot, opens pull requests to fix known vulnerabilities in your dependencies. Check out https://snyk.io/ to learn more.

snyk-bot/nodejs-pubsub 1

Node.js client for Google Cloud Pub/Sub: Ingest event streams from anywhere, at any scale, for simple, reliable, real-time stream analytics.

snyk-bot/lighthouse 0

Automated auditing, performance metrics, and best practices for the web.

snyk-bot/nodejs-error-reporting 0

Node.js client for Stackdriver Error Reporting: Count, analyze and aggregate the crashes in your running cloud services.

snyk-bot/shallow-goof 0

This is a shallow repo that contains a single vuln (for demo purposes)

PR opened snyk-matt/goof-platform

[Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0

<h3>Snyk has created this PR to upgrade body-parser from 1.9.0 to 1.19.0.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 32 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2019-04-26.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>body-parser</b></summary> <ul> <li> <b>1.19.0</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.19.0">2019-04-26</a></br><ul> <li>deps: bytes@3.1.0 <ul> <li>Add petabyte (<code>pb</code>) support</li> </ul> </li> <li>deps: http-errors@1.7.2 <ul> <li>Set constructor name when possible</li> <li>deps: setprototypeof@1.1.1</li> <li>deps: statuses@'>= 1.5.0 < 2'</li> </ul> </li> <li>deps: iconv-lite@0.4.24 <ul> <li>Added encoding MIK</li> </ul> </li> <li>deps: qs@6.7.0 <ul> <li>Fix parsing array brackets after index</li> </ul> </li> <li>deps: raw-body@2.4.0 <ul> <li>deps: bytes@3.1.0</li> <li>deps: http-errors@1.7.2</li> <li>deps: iconv-lite@0.4.24</li> </ul> </li> <li>deps: type-is@~1.6.17 <ul> <li>deps: mime-types@~2.1.24</li> <li>perf: prevent internal <code>throw</code> on invalid type</li> </ul> </li> </ul> </li> <li> <b>1.18.3</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.18.3">2018-05-14</a></br><ul> <li>Fix stack trace for strict json parse error</li> <li>deps: depd@~1.1.2 <ul> <li>perf: remove argument reassignment</li> </ul> </li> <li>deps: http-errors@~1.6.3 <ul> <li>deps: depd@~1.1.2</li> <li>deps: setprototypeof@1.1.0</li> <li>deps: statuses@'>= 1.3.1 < 2'</li> </ul> </li> <li>deps: iconv-lite@0.4.23 <ul> <li>Fix loading encoding with year appended</li> <li>Fix deprecation warnings on Node.js 10+</li> </ul> </li> <li>deps: qs@6.5.2</li> <li>deps: raw-body@2.3.3 <ul> <li>deps: http-errors@1.6.3</li> <li>deps: iconv-lite@0.4.23</li> </ul> </li> <li>deps: type-is@~1.6.16 <ul> <li>deps: mime-types@~2.1.18</li> </ul> </li> </ul> </li> <li> <b>1.18.2</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.18.2">2017-09-22</a></br><ul> <li>deps: debug@2.6.9</li> <li>perf: remove argument reassignment</li> </ul> </li> <li> <b>1.18.1</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.18.1">2017-09-12</a></br><ul> <li>deps: content-type@~1.0.4 <ul> <li>perf: remove argument reassignment</li> <li>perf: skip parameter parsing when no parameters</li> </ul> </li> <li>deps: iconv-lite@0.4.19 <ul> <li>Fix ISO-8859-1 regression</li> <li>Update Windows-1255</li> </ul> </li> <li>deps: qs@6.5.1 <ul> <li>Fix parsing & compacting very deep objects</li> </ul> </li> <li>deps: raw-body@2.3.2 <ul> <li>deps: iconv-lite@0.4.19</li> </ul> </li> </ul> </li> <li> <b>1.18.0</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.18.0">2017-09-09</a></br><ul> <li>Fix JSON strict violation error to match native parse error</li> <li>Include the <code>body</code> property on verify errors</li> <li>Include the <code>type</code> property on all generated errors</li> <li>Use <code>http-errors</code> to set status code on errors</li> <li>deps: bytes@3.0.0</li> <li>deps: debug@2.6.8</li> <li>deps: depd@~1.1.1 <ul> <li>Remove unnecessary <code>Buffer</code> loading</li> </ul> </li> <li>deps: http-errors@~1.6.2 <ul> <li>deps: depd@1.1.1</li> </ul> </li> <li>deps: iconv-lite@0.4.18 <ul> <li>Add support for React Native</li> <li>Add a warning if not loaded as utf-8</li> <li>Fix CESU-8 decoding in Node.js 8</li> <li>Improve speed of ISO-8859-1 encoding</li> </ul> </li> <li>deps: qs@6.5.0</li> <li>deps: raw-body@2.3.1 <ul> <li>Use <code>http-errors</code> for standard emitted errors</li> <li>deps: bytes@3.0.0</li> <li>deps: iconv-lite@0.4.18</li> <li>perf: skip buffer decoding on overage chunk</li> </ul> </li> <li>perf: prevent internal <code>throw</code> when missing charset</li> </ul> </li> <li> <b>1.17.2</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.17.2">2017-05-18</a></br><ul> <li>deps: debug@2.6.7 <ul> <li>Fix <code>DEBUG_MAX_ARRAY_LENGTH</code></li> <li>deps: ms@2.0.0</li> </ul> </li> <li>deps: type-is@~1.6.15 <ul> <li>deps: mime-types@~2.1.15</li> </ul> </li> </ul> </li> <li> <b>1.17.1</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.17.1">2017-03-06</a></br><ul> <li>deps: qs@6.4.0 <ul> <li>Fix regression parsing keys starting with <code>[</code></li> </ul> </li> </ul> </li> <li> <b>1.17.0</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.17.0">2017-03-01</a></br><ul> <li>deps: http-errors@~1.6.1 <ul> <li>Make <code>message</code> property enumerable for <code>HttpError</code>s</li> <li>deps: setprototypeof@1.0.3</li> </ul> </li> <li>deps: qs@6.3.1 <ul> <li>Fix compacting nested arrays</li> </ul> </li> </ul> </li> <li> <b>1.16.1</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.16.1">2017-02-11</a></br><ul> <li>deps: debug@2.6.1 <ul> <li>Fix deprecation messages in WebStorm and other editors</li> <li>Undeprecate <code>DEBUG_FD</code> set to <code>1</code> or <code>2</code></li> </ul> </li> </ul> </li> <li> <b>1.16.0</b> - <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases/tag/1.16.0">2017-01-18</a></br><ul> <li>deps: debug@2.6.0 <ul> <li>Allow colors in workers</li> <li>Deprecated <code>DEBUG_FD</code> environment variable</li> <li>Fix error when running under React Native</li> <li>Use same color for same namespace</li> <li>deps: ms@0.7.2</li> </ul> </li> <li>deps: http-errors@~1.5.1 <ul> <li>deps: inherits@2.0.3</li> <li>deps: setprototypeof@1.0.2</li> <li>deps: statuses@'>= 1.3.1 < 2'</li> </ul> </li> <li>deps: iconv-lite@0.4.15 <ul> <li>Added encoding MS-31J</li> <li>Added encoding MS-932</li> <li>Added encoding MS-936</li> <li>Added encoding MS-949</li> <li>Added encoding MS-950</li> <li>Fix GBK/GB18030 handling of Euro character</li> </ul> </li> <li>deps: qs@6.2.1 <ul> <li>Fix array parsing from skipping empty values</li> </ul> </li> <li>deps: raw-body@~2.2.0 <ul> <li>deps: iconv-lite@0.4.15</li> </ul> </li> <li>deps: type-is@~1.6.14 <ul> <li>deps: mime-types@~2.1.13</li> </ul> </li> </ul> </li> <li> <b>1.15.2</b> - 2016-06-20 </li> <li> <b>1.15.1</b> - 2016-05-06 </li> <li> <b>1.15.0</b> - 2016-02-11 </li> <li> <b>1.14.2</b> - 2015-12-16 </li> <li> <b>1.14.1</b> - 2015-09-28 </li> <li> <b>1.14.0</b> - 2015-09-16 </li> <li> <b>1.13.3</b> - 2015-07-31 </li> <li> <b>1.13.2</b> - 2015-07-06 </li> <li> <b>1.13.1</b> - 2015-06-16 </li> <li> <b>1.13.0</b> - 2015-06-15 </li> <li> <b>1.12.4</b> - 2015-05-11 </li> <li> <b>1.12.3</b> - 2015-04-16 </li> <li> <b>1.12.2</b> - 2015-03-17 </li> <li> <b>1.12.1</b> - 2015-03-16 </li> <li> <b>1.12.0</b> - 2015-02-14 </li> <li> <b>1.11.0</b> - 2015-01-31 </li> <li> <b>1.10.2</b> - 2015-01-21 </li> <li> <b>1.10.1</b> - 2015-01-02 </li> <li> <b>1.10.0</b> - 2014-12-03 </li> <li> <b>1.9.3</b> - 2014-11-22 </li> <li> <b>1.9.2</b> - 2014-10-28 </li> <li> <b>1.9.1</b> - 2014-10-23 </li> <li> <b>1.9.0</b> - 2014-09-24 </li> </ul> from <a href="https://snyk.io/redirect/github/expressjs/body-parser/releases">body-parser GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>body-parser</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/998b265db57a80ae75ea51c55f6a191e2d168a60">998b265</a> 1.19.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/40a0e811992cbc944359430f342afb078e595d36">40a0e81</a> deps: type-is@~1.6.17</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/eda21da255e359ec1fc068b78e32d7eb08295af5">eda21da</a> build: support Node.js 12.x</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/dc7fea41d1b50be7e00eb1ff682a5db1b4085c88">dc7fea4</a> build: mocha@6.1.4</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/926f8f1df6ded0e7a7931b6993611f16b2ec3b9b">926f8f1</a> build: eslint-plugin-import@2.17.2</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/cc0cbac30869b9437829d0a82f74458d84cf14db">cc0cbac</a> deps: raw-body@2.4.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/b69292b340072c342bb019a8bf70b5dc8e2cd5b1">b69292b</a> build: Node.js@11.14</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/1c9ed746d5a7aad0d94b7ee19a9cd41126b6f415">1c9ed74</a> build: Node.js@8.16</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/737cb13042b3880baea416c7ddd91c5da4e2aa25">737cb13</a> build: supertest@4.0.2</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/93ba395ac18f8f659b429ec73c4c62134463fa8d">93ba395</a> build: eslint-plugin-node@8.0.1</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/3eb8d29d9258c77eeba39991af1af9fae97c601e">3eb8d29</a> build: eslint@5.16.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/d198d877da888ff0a8fb8a62ad90e8f78769f19d">d198d87</a> deps: qs@6.7.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/91d0232b7633b0c42d74cd04fb063557ea32efef">91d0232</a> deps: iconv-lite@0.4.24</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/c9718ce2258c1876c7baa17c1ca6be22ffa5c8a8">c9718ce</a> build: Node.js@11.13</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/a5701e308555d70aabcf67d81ab4cc4f9c5b26dc">a5701e3</a> build: eslint-plugin-promise@4.1.1</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/61fbe982555ffb69b1861fef36aa3354d2cfe49c">61fbe98</a> deps: http-errors@1.7.2</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/13bf2f636f3f1ea0db38f7334262c92fac55301f">13bf2f6</a> deps: bytes@3.1.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/16727c30913da87f482ab1fb060d1253f2508ca4">16727c3</a> build: eslint@5.15.3</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/e30fbcbc92c462b0cd9f5168102c20e17633a635">e30fbcb</a> build: mocha@6.0.2</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/1970a47676964c57741c8d2293b8892c5c3540e1">1970a47</a> build: supertest@3.4.2</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/d6579f28fe19402cc2682fc1f68fef5353018cc2">d6579f2</a> deps: qs@6.6.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/67d11d269ceffbbebe3cd86b43f559754a847e8e">67d11d2</a> build: eslint@5.15.1</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/f56f14c15de45476b60639fc2b0f44bd9fadb003">f56f14c</a> build: eslint-plugin-markdown@1.0.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/body-parser/commit/a647c3d34edf612050a6fcbfbaf8931ddf8123ae">a647c3d</a> build: eslint-plugin-import@2.16.0</li> </ul>

<a href="https://snyk.io/redirect/github/expressjs/body-parser/compare/263f602e6ae34add6332c1eb4caa808893b0b711...998b265db57a80ae75ea51c55f6a191e2d168a60">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIwYmM3NWEzMy1lMDIxLTRlNWUtYmU2NS1lNTgyZDFmMzAzYzAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjBiYzc1YTMzLWUwMjEtNGU1ZS1iZTY1LWU1ODJkMWYzMDNjMCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"0bc75a33-e021-4e5e-be65-e582d1f303c0","prPublicId":"0bc75a33-e021-4e5e-be65-e582d1f303c0","dependencies":[{"name":"body-parser","from":"1.9.0","to":"1.19.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/snyk-platform/project/438ecf63-493d-4811-a229-8ce7f83afeed?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"438ecf63-493d-4811-a229-8ce7f83afeed","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":32,"publishedDate":"2019-04-26T03:31:23.981Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+265 -481

0 comment

2 changed files

pr created time in a few seconds

PR opened snyk-matt/goof-platform

[Snyk(Unlimited)] Upgrade typeorm from 0.2.30 to 0.2.37

<h3>Snyk has created this PR to upgrade typeorm from 0.2.30 to 0.2.37.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 37 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-13.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>typeorm</b></summary> <ul> <li> <b>0.2.37</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.37">2021-08-13</a></br><h3>Bug Fixes</h3> <ul> <li>allow periods in parameter identifiers (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8022" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8022/hovercard">#8022</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/420193892ffe857c532130c0c7b18dcc4c8d38e2">4201938</a>)</li> <li>ConnectionManager <code>connections</code> property should include list of <code>Connection</code>s (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8004" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8004/hovercard">#8004</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/2344db60c4314da31885f5686e94bb6dcb203a96">2344db6</a>)</li> <li>entity value for date columns that are related (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8027" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8027/hovercard">#8027</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/5a3767f58f6ef355b01cf6e92342401a051a369c">5a3767f</a>)</li> <li>handle brackets when only one condition is passed (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8048" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8048/hovercard">#8048</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/ab39066f182d357fcc999cd976510c0e2a61d6de">ab39066</a>)</li> <li>handle enums with multiple apostrophes in MySQL (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8013" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8013/hovercard">#8013</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/37c40a610caecfc3b27b48a87b0e98d715f23395">37c40a6</a>), closes <a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8011" data-hovercard-type="issue" data-hovercard-url="/typeorm/typeorm/issues/8011/hovercard">#8011</a></li> <li>include all drivers in driverfactory error message (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8061" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8061/hovercard">#8061</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/fbd1ef74e84b59ef0b8d99e311f0aced902190e6">fbd1ef7</a>)</li> <li>resolve not returning soft deleted relations with withDeleted find option (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8017" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8017/hovercard">#8017</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/65cbcc79bceac4cf8d15dec8c558dcbc9a037220">65cbcc7</a>)</li> <li>SAP HANA inserts used incorrect value for returning query (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8072" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8072/hovercard">#8072</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/36398dbe467274a9ac08a013ed4daaf307ee2de2">36398db</a>)</li> <li>some drivers set the wrong database name when defined from url (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8058" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8058/hovercard">#8058</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/a3a32849c04a83adbf775fcf07843a934551dbfb">a3a3284</a>)</li> <li>throw error when not connected in drivers (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7995" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7995/hovercard">#7995</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/cd71f62cb8125d1bbd92b341aa2eea1de0ac3537">cd71f62</a>)</li> </ul> <h3>Features</h3> <ul> <li>add relations option to tree queries (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7981" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7981/hovercard">#7981</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/ca26297484542498b8f622f540ca354360d53ed0">ca26297</a>), closes <a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7974" data-hovercard-type="issue" data-hovercard-url="/typeorm/typeorm/issues/7974/hovercard">#7974</a> <a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/4564" data-hovercard-type="issue" data-hovercard-url="/typeorm/typeorm/issues/4564/hovercard">#4564</a></li> <li>add serviceName option for oracle connections (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8021" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8021/hovercard">#8021</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/37bd0124dc81c957b2a036436594ae8c4606eb6c">37bd012</a>)</li> <li>add support to string array on dropColumns (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7654" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7654/hovercard">#7654</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/91d5b2fc374c2f7b1545d40ee76577272de21436">91d5b2f</a>)</li> <li>support Oracle Implicit Results (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/8050" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/8050/hovercard">#8050</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/fe78bee3725efef47d5be6f924b9caf13f3299a7">fe78bee</a>)</li> </ul> </li> <li> <b>0.2.37-dev.fe78bee</b> - 2021-08-08 </li> <li> <b>0.2.37-dev.fbd1ef7</b> - 2021-08-11 </li> <li> <b>0.2.37-dev.fbbac93</b> - 2021-08-03 </li> <li> <b>0.2.37-dev.f7eb46d</b> - 2021-07-31 </li> <li> <b>0.2.37-dev.f0e40f6</b> - 2021-08-06 </li> <li> <b>0.2.37-dev.cd71f62</b> - 2021-07-31 </li> <li> <b>0.2.37-dev.ca26297</b> - 2021-08-04 </li> <li> <b>0.2.37-dev.ba366f2</b> - 2021-08-08 </li> <li> <b>0.2.37-dev.ab39066</b> - 2021-08-06 </li> <li> <b>0.2.37-dev.a5e4ce7</b> - 2021-08-05 </li> <li> <b>0.2.37-dev.a3a3284</b> - 2021-08-10 </li> <li> <b>0.2.37-dev.91d5b2f</b> - 2021-07-31 </li> <li> <b>0.2.37-dev.80cdf8f</b> - 2021-08-11 </li> <li> <b>0.2.37-dev.768b4fe</b> - 2021-08-05 </li> <li> <b>0.2.37-dev.69fabaf</b> - 2021-07-31 </li> <li> <b>0.2.37-dev.65cbcc7</b> - 2021-08-10 </li> <li> <b>0.2.37-dev.5a3767f</b> - 2021-08-08 </li> <li> <b>0.2.37-dev.5714e8d</b> - 2021-08-11 </li> <li> <b>0.2.37-dev.37c40a6</b> - 2021-08-11 </li> <li> <b>0.2.37-dev.37bd012</b> - 2021-08-04 </li> <li> <b>0.2.37-dev.36398db</b> - 2021-08-12 </li> <li> <b>0.2.37-dev.2344db6</b> - 2021-08-04 </li> <li> <b>0.2.37-dev.01a038c</b> - 2021-08-13 </li> <li> <b>0.2.37-dev.4201938</b> - 2021-08-05 </li> <li> <b>0.2.36</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.36">2021-07-31</a></br><h3>Bug Fixes</h3> <ul> <li>add deprecated <code>WhereExpression</code> alias for <code>WhereExpressionBuilder</code> (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7980" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7980/hovercard">#7980</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/76e7ed943779b940212c4e453d97028b5ffed7d0">76e7ed9</a>)</li> <li>always generate migrations with template string literals (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7971" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7971/hovercard">#7971</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/e9c2af610a1c9a632605b71d67b97e048be2e29e">e9c2af6</a>)</li> <li>use js rather than ts in all <code>browser</code> package manifests (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7982" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7982/hovercard">#7982</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/0d90bcdc8c77f2080aa200fe9f4f962b7b01c9ee">0d90bcd</a>)</li> <li>use nvarchar/ntext during transit for SQLServer queries (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7933" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7933/hovercard">#7933</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/62d79762dbfe58219a5673ba4d404fe9f2e40436">62d7976</a>)</li> </ul> <h3>Features</h3> <ul> <li>add postgres connection option <code>applicationName</code> (<a href="https://snyk.io/redirect/github/typeorm/typeorm/issues/7989" data-hovercard-type="pull_request" data-hovercard-url="/typeorm/typeorm/pull/7989/hovercard">#7989</a>) (<a href="https://snyk.io/redirect/github/typeorm/typeorm/commit/d365acca68069d0bd9acea5b45a73d7f4c1f4d8f">d365acc</a>)</li> </ul> </li> <li> <b>0.2.36-dev.d365acc</b> - 2021-07-30 </li> <li> <b>0.2.36-dev.b797781</b> - 2021-07-30 </li> <li> <b>0.2.36-dev.76e7ed94</b> - 2021-07-30 </li> <li> <b>0.2.36-dev.62d7976</b> - 2021-07-31 </li> <li> <b>0.2.36-dev.0d90bcd</b> - 2021-07-30 </li> <li> <b>0.2.35</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.35">2021-07-29</a></br><a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.35"> Read more </a> </li> <li> <b>0.2.35-rc.0</b> - 2021-07-28 </li> <li> <b>0.2.34</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.34">2021-06-03</a></br><p>version bump</p> </li> <li> <b>0.2.33</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.33">2021-06-01</a></br><p>version bump</p> </li> <li> <b>0.2.32</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.32">2021-03-30</a></br><p>version bump</p> </li> <li> <b>0.2.31</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.31">2021-02-08</a></br><p>version bump</p> </li> <li> <b>0.2.30</b> - <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases/tag/0.2.30">2021-01-12</a></br><p>version bump</p> </li> </ul> from <a href="https://snyk.io/redirect/github/typeorm/typeorm/releases">typeorm GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4Y2Y3NDM0Mi00N2RhLTRkOTEtODIyZi1mZTMxZWMzYmQyODQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhjZjc0MzQyLTQ3ZGEtNGQ5MS04MjJmLWZlMzFlYzNiZDI4NCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"8cf74342-47da-4d91-822f-fe31ec3bd284","prPublicId":"8cf74342-47da-4d91-822f-fe31ec3bd284","dependencies":[{"name":"typeorm","from":"0.2.30","to":"0.2.37"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/snyk-platform/project/438ecf63-493d-4811-a229-8ce7f83afeed?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"438ecf63-493d-4811-a229-8ce7f83afeed","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":37,"publishedDate":"2021-08-13T06:42:07.871Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+280 -83

0 comment

2 changed files

pr created time in a few seconds

PR opened snyk-matt/goof-platform

[Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11

<h3>Snyk has created this PR to upgrade tinymce from 4.1.0 to 4.9.11.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 87 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-07-13.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Cross-site Scripting (XSS)<br/> npm:tinymce:20170613 569/1000 <br/> Why? Has a fix available, CVSS 7.1 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Cross-site Scripting (XSS)<br/> npm:tinymce:20150813 569/1000 <br/> Why? Has a fix available, CVSS 7.1 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Cross-site Scripting (XSS)<br/> npm:tinymce:20150610 569/1000 <br/> Why? Has a fix available, CVSS 7.1 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Cross-site Scripting (XSS)<br/> SNYK-JS-TINYMCE-543825 569/1000 <br/> Why? Has a fix available, CVSS 7.1 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Cross-site Scripting (XSS)<br/> npm:tinymce:20180522 569/1000 <br/> Why? Has a fix available, CVSS 7.1 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png" width="20" height="20" title="critical severity"/> Cross-site Scripting (XSS)<br/> SNYK-JS-TINYMCE-598223 569/1000 <br/> Why? Has a fix available, CVSS 7.1 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Cross-site Scripting (XSS)<br/> SNYK-JS-TINYMCE-568922 569/1000 <br/> Why? Has a fix available, CVSS 7.1 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>tinymce</b></summary> <ul> <li> <b>4.9.11</b> - 2020-07-13 </li> <li> <b>4.9.10</b> - 2020-04-23 </li> <li> <b>4.9.9</b> - 2020-03-25 </li> <li> <b>4.9.8</b> - 2020-01-28 </li> <li> <b>4.9.7</b> - 2019-12-19 </li> <li> <b>4.9.6</b> - 2019-09-02 </li> <li> <b>4.9.5</b> - 2019-07-03 </li> <li> <b>4.9.4</b> - 2019-03-20 </li> <li> <b>4.9.3</b> - 2019-01-31 </li> <li> <b>4.9.2</b> - 2018-12-17 </li> <li> <b>4.9.1</b> - 2018-12-04 </li> <li> <b>4.9.0</b> - 2018-11-27 </li> <li> <b>4.8.5</b> - 2018-10-31 </li> <li> <b>4.8.4</b> - 2018-10-23 </li> <li> <b>4.8.3</b> - 2018-09-13 </li> <li> <b>4.8.2</b> - 2018-08-09 </li> <li> <b>4.8.1</b> - 2018-07-26 </li> <li> <b>4.8.0</b> - 2018-07-11 </li> <li> <b>4.7.13</b> - 2018-05-16 </li> <li> <b>4.7.12</b> - 2018-05-03 </li> <li> <b>4.7.11</b> - 2018-04-11 </li> <li> <b>4.7.10</b> - 2018-04-03 </li> <li> <b>4.7.9</b> - 2018-02-27 </li> <li> <b>4.7.8</b> - 2018-02-26 </li> <li> <b>4.7.7</b> - 2018-02-19 </li> <li> <b>4.7.6</b> - 2018-01-29 </li> <li> <b>4.7.5</b> - 2018-01-22 </li> <li> <b>4.7.4</b> - 2017-12-05 </li> <li> <b>4.7.3</b> - 2017-11-23 </li> <li> <b>4.7.2</b> - 2017-11-07 </li> <li> <b>4.7.1</b> - 2017-10-09 </li> <li> <b>4.7.0</b> - 2017-10-03 </li> <li> <b>4.6.7</b> - 2017-09-18 </li> <li> <b>4.6.6</b> - 2017-08-30 </li> <li> <b>4.6.5</b> - 2017-08-02 </li> <li> <b>4.6.4</b> - 2017-06-13 </li> <li> <b>4.6.3</b> - 2017-05-30 </li> <li> <b>4.6.2</b> - 2017-05-23 </li> <li> <b>4.6.1</b> - 2017-05-10 </li> <li> <b>4.6.0</b> - 2017-05-04 </li> <li> <b>4.5.12</b> - 2020-07-14 </li> <li> <b>4.5.10</b> - 2018-11-07 </li> <li> <b>4.5.9</b> - 2018-08-03 </li> <li> <b>4.5.8</b> - 2017-10-05 </li> <li> <b>4.5.7</b> - 2017-04-25 </li> <li> <b>4.5.6</b> - 2017-03-30 </li> <li> <b>4.5.5</b> - 2017-03-07 </li> <li> <b>4.5.4</b> - 2017-02-23 </li> <li> <b>4.5.3</b> - 2017-02-01 </li> <li> <b>4.5.2</b> - 2017-01-04 </li> <li> <b>4.5.1</b> - 2016-12-07 </li> <li> <b>4.5.0</b> - 2016-11-23 </li> <li> <b>4.4.3</b> - 2016-09-01 </li> <li> <b>4.4.2</b> - 2016-08-25 </li> <li> <b>4.4.1</b> - 2016-07-26 </li> <li> <b>4.4.0</b> - 2016-06-30 </li> <li> <b>4.3.13</b> - 2016-06-08 </li> <li> <b>4.3.12</b> - 2016-05-10 </li> <li> <b>4.3.11</b> - 2016-04-25 </li> <li> <b>4.3.10</b> - 2016-04-12 </li> <li> <b>4.3.9</b> - 2016-04-12 </li> <li> <b>4.3.8</b> - 2016-03-15 </li> <li> <b>4.3.7</b> - 2016-03-02 </li> <li> <b>4.3.6</b> - 2016-03-01 </li> <li> <b>4.3.5</b> - 2016-02-11 </li> <li> <b>4.3.3</b> - 2016-01-13 </li> <li> <b>4.3.2</b> - 2015-12-14 </li> <li> <b>4.3.1</b> - 2015-11-30 </li> <li> <b>4.3.0</b> - 2015-11-23 </li> <li> <b>4.2.8</b> - 2015-11-13 </li> <li> <b>4.2.7</b> - 2015-10-27 </li> <li> <b>4.2.6</b> - 2015-09-28 </li> <li> <b>4.2.5</b> - 2015-08-31 </li> <li> <b>4.2.4</b> - 2015-08-21 </li> <li> <b>4.2.3</b> - 2015-07-30 </li> <li> <b>4.2.2</b> - 2015-07-22 </li> <li> <b>4.2.1</b> - 2015-06-29 </li> <li> <b>4.2.0</b> - 2015-06-25 </li> <li> <b>4.1.10</b> - 2015-05-05 </li> <li> <b>4.1.9</b> - 2015-03-10 </li> <li> <b>4.1.8</b> - 2015-03-05 </li> <li> <b>4.1.7</b> - 2014-11-27 </li> <li> <b>4.1.6</b> - 2014-10-08 </li> <li> <b>4.1.5</b> - 2014-09-09 </li> <li> <b>4.1.4</b> - 2014-08-21 </li> <li> <b>4.1.3</b> - 2014-07-29 </li> <li> <b>4.1.2</b> - 2014-07-15 </li> <li> <b>4.1.0</b> - 2014-06-18 </li> </ul> from <a href="https://snyk.io/redirect/github/tinymce/tinymce/releases">tinymce GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIwNDc2YzZlYy1lM2YyLTQxOGItODljYi1jMjgyMjM3MDNlMTQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjA0NzZjNmVjLWUzZjItNDE4Yi04OWNiLWMyODIyMzcwM2UxNCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"0476c6ec-e3f2-418b-89cb-c28223703e14","prPublicId":"0476c6ec-e3f2-418b-89cb-c28223703e14","dependencies":[{"name":"tinymce","from":"4.1.0","to":"4.9.11"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/snyk-platform/project/438ecf63-493d-4811-a229-8ce7f83afeed?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"438ecf63-493d-4811-a229-8ce7f83afeed","env":"prod","prType":"upgrade","vulns":["npm:tinymce:20170613","npm:tinymce:20150813","npm:tinymce:20150610","SNYK-JS-TINYMCE-543825","npm:tinymce:20180522","SNYK-JS-TINYMCE-598223","SNYK-JS-TINYMCE-568922"],"issuesToFix":[{"issueId":"npm:tinymce:20170613","severity":"high","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit","priorityScore":569,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355}]},{"issueId":"npm:tinymce:20150813","severity":"high","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit","priorityScore":569,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355}]},{"issueId":"npm:tinymce:20150610","severity":"high","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit","priorityScore":569,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355}]},{"issueId":"SNYK-JS-TINYMCE-543825","severity":"high","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit","priorityScore":579,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"npm:tinymce:20180522","severity":"medium","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit","priorityScore":539,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325}]},{"issueId":"SNYK-JS-TINYMCE-598223","severity":"critical","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit","priorityScore":694,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.6","score":480}]},{"issueId":"SNYK-JS-TINYMCE-568922","severity":"medium","title":"Cross-site Scripting (XSS)","exploitMaturity":"proof-of-concept","priorityScore":636,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315}]}],"upgrade":["npm:tinymce:20170613","npm:tinymce:20150813","npm:tinymce:20150610","SNYK-JS-TINYMCE-543825","npm:tinymce:20180522","SNYK-JS-TINYMCE-598223","SNYK-JS-TINYMCE-568922"],"upgradeInfo":{"versionsDiff":87,"publishedDate":"2020-07-13T05:29:07.767Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[569,569,569,579,539,694,636]}) --->

+10 -10

0 comment

2 changed files

pr created time in a few seconds

PR opened fbovo-2/website

[Snyk] Upgrade nuxt from 2.15.4 to 2.15.8

<h3>Snyk has created this PR to upgrade nuxt from 2.15.4 to 2.15.8.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-11.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2MmM5NzVjZS05M2NkLTRkNDMtOTg0Zi0yNmQ2NDRmNTZhMzEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjYyYzk3NWNlLTkzY2QtNGQ0My05ODRmLTI2ZDY0NGY1NmEzMSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"62c975ce-93cd-4d43-984f-26d644f56a31","prPublicId":"62c975ce-93cd-4d43-984f-26d644f56a31","dependencies":[{"name":"nuxt","from":"2.15.4","to":"2.15.8"}],"packageManager":"yarn","type":"auto","projectUrl":"https://app.snyk.io/org/fbovo/project/3fd4f9fd-b3fb-4f2d-a76e-ef6abbcbbced?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"3fd4f9fd-b3fb-4f2d-a76e-ef6abbcbbced","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2021-08-11T21:10:44.492Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1032 -574

0 comment

2 changed files

pr created time in 5 minutes

PR opened fbovo-2/website

[Snyk] Upgrade core-js from 3.11.0 to 3.16.4

<h3>Snyk has created this PR to upgrade core-js from 3.11.0 to 3.16.4.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2021-08-29.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2Y2NiZmVhNy01MmM4LTQxMDItOGI1ZC0xZmE1N2Y4MmVjYTgiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjZjY2JmZWE3LTUyYzgtNDEwMi04YjVkLTFmYTU3ZjgyZWNhOCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"6ccbfea7-52c8-4102-8b5d-1fa57f82eca8","prPublicId":"6ccbfea7-52c8-4102-8b5d-1fa57f82eca8","dependencies":[{"name":"core-js","from":"3.11.0","to":"3.16.4"}],"packageManager":"yarn","type":"auto","projectUrl":"https://app.snyk.io/org/fbovo/project/3fd4f9fd-b3fb-4f2d-a76e-ef6abbcbbced?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"3fd4f9fd-b3fb-4f2d-a76e-ef6abbcbbced","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":16,"publishedDate":"2021-08-29T14:55:50.691Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+7 -2

0 comment

2 changed files

pr created time in 5 minutes

PR opened fbovo-2/website

[Snyk] Upgrade apollo-server-lambda from 2.23.0 to 2.25.2

<h3>Snyk has created this PR to upgrade apollo-server-lambda from 2.23.0 to 2.25.2.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2021-06-22.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiMWRjOTA1My03MjA3LTQ0ZDUtYjA4My1hYTU1NWNjNWFkZmYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImIxZGM5MDUzLTcyMDctNDRkNS1iMDgzLWFhNTU1Y2M1YWRmZiJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"b1dc9053-7207-44d5-b083-aa555cc5adff","prPublicId":"b1dc9053-7207-44d5-b083-aa555cc5adff","dependencies":[{"name":"apollo-server-lambda","from":"2.23.0","to":"2.25.2"}],"packageManager":"yarn","type":"auto","projectUrl":"https://app.snyk.io/org/fbovo/project/3fd4f9fd-b3fb-4f2d-a76e-ef6abbcbbced?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"3fd4f9fd-b3fb-4f2d-a76e-ef6abbcbbced","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":16,"publishedDate":"2021-06-22T19:54:00.601Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+104 -151

0 comment

2 changed files

pr created time in 5 minutes

PR opened sumanthreddy-a/cmp

[Snyk] Upgrade mongoose from 5.2.4 to 5.13.8

<h3>Snyk has created this PR to upgrade mongoose from 5.2.4 to 5.13.8.</h3>

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 207 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-08-23.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-MQUERY-1089718 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-MQUERY-1050858 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-MPATH-72672 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-73638 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-608086 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-450202 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Command Injection<br/> SNYK-JS-LODASH-1040724 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Information Exposure<br/> SNYK-JS-MONGOOSE-472486 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Prototype Pollution<br/> SNYK-JS-MONGOOSE-1086688 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-LODASH-73639 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png" width="20" height="20" title="critical severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-590103 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-567746 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-LODASH-1018905 696/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>mongoose</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/cb1e7872da51f6ae219ee3942bcbc6b8e125f900">cb1e787</a> chore: release 5.13.8</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/5c0140c7db18f2cd800011821c85e2a8617ffff8">5c0140c</a> fix(index.d.ts): add `match` to `VirtualTypeOptions.options`</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/6122f4bca9c5376dc23124cb2b53d6331fae7a1b">6122f4b</a> docs(api): add `Document#$where` to API docs</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/2871c1bff9dd4ccf5c642991bee599782f30f9fb">2871c1b</a> style: fix lint</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/8d00f62e1cc9a04f8e492c7995e3e9820412ad28">8d00f62</a> Merge pull request #10587 from osmanakol/master</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/57e729bc9b51bb8f27a521ee1c83eb74422fe3ad">57e729b</a> allow QueryOptions populate parameter use PopulateOptions</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/6c362631a2c7680737723dbc0c91262286a7b164">6c36263</a> fix(index.d.ts): allow strings for ObjectIds in nested properties</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/e90aab12bf3ced0d0ac7b5994a0530f77fc9f8e5">e90aab1</a> docs(History): make a note about #10555</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/fca0627566b961d3db9616a10ee3c80121cbb0e2">fca0627</a> style: fix lint</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/6b9259998a95c2552d412f9bd297125764db9cf8">6b92599</a> fix(populate): handle populating subdoc array virtual with sort</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/283d43faaa31a9c9b77bba5cd80caea901c1f411">283d43f</a> test(populate): repro #10552</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/b31fd51f51d49189894851411f11ef5aef4c4edf">b31fd51</a> fix(model): check for `code` instead of `codeName` when checking for existing collections for backwards compat with MongoDB 3.2</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/79d1a8e1cba1b1b0306d6e2f2aa2a1a8384c2736">79d1a8e</a> fix(index.d.ts): correct value of `this` for custom query helper methods</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/ec41d2222e4692169d15c6f0a968c71ed256fd56">ec41d22</a> chore: release 5.13.7</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/75c3d1836746851bdb5f56e554f224cff3a3267c">75c3d18</a> Merge pull request #10546 from shahriar-shojib/fix_types</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/22a3570125037dcc650665d894cc6be53373d409">22a3570</a> fix: fix build again</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/0b3083af586680bf528636ae4dcefd9d7791ece5">0b3083a</a> Merge pull request #10550 from thiagokisaki/patch-5</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/fa1c43c8a46a4e47c69750c931c73fc656e3d475">fa1c43c</a> fix: correct types</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/711ded8da2f83eda0e446484bbeb9ba3fd0b01c9">711ded8</a> fix: fix build</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/2f57e768a691edacb6590d3ff51b0adcfff28481">2f57e76</a> fix: fix build</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/100101b3bf4e1ae8d122d806b75190244e88c19a">100101b</a> fix: apply code review suggestions re: loose typing to `push()` and remove unused code</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/7e398a948c03756879816d5478cfd71fb28d2a59">7e398a9</a> test(typescript): add coverage for #10562</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/2a608e3c7a06c1104d6147e896314b935b2cdab2">2a608e3</a> style: fix lint</li> <li><a href="https://snyk.io/redirect/github/Automattic/mongoose/commit/134cdbd3715a3af23d22c9de3b949192fd22fa6c">134cdbd</a> Merge pull request #10562 from JaredReisinger/patch-1</li> </ul>

<a href="https://snyk.io/redirect/github/Automattic/mongoose/compare/d166da62745ce6dabad6cf6104e8c6a892afae68...cb1e7872da51f6ae219ee3942bcbc6b8e125f900">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI1Y2IwMDRkMC1mYjZiLTQyY2MtOTdjMi03M2RkYzQyMDdjMmEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjVjYjAwNGQwLWZiNmItNDJjYy05N2MyLTczZGRjNDIwN2MyYSJ9fQ==" width="0" height="0"/><img src="https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=mongoose&from_version=5.2.4&to_version=5.13.8&pr_id=5cb004d0-fb6b-42cc-97c2-73ddc4207c2a&visibility=false&has_feature_flag=false" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"5cb004d0-fb6b-42cc-97c2-73ddc4207c2a","prPublicId":"5cb004d0-fb6b-42cc-97c2-73ddc4207c2a","dependencies":[{"name":"mongoose","from":"5.2.4","to":"5.13.8"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sumanth/project/593abe59-577d-4db8-9270-bebf1af6b940?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"593abe59-577d-4db8-9270-bebf1af6b940","env":"prod","prType":"upgrade","vulns":["SNYK-JS-MQUERY-1089718","SNYK-JS-MQUERY-1050858","SNYK-JS-MPATH-72672","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-1040724","SNYK-JS-MONGOOSE-472486","SNYK-JS-MONGOOSE-1086688","SNYK-JS-LODASH-73639","SNYK-JS-LODASH-590103","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-1018905"],"issuesToFix":[{"issueId":"SNYK-JS-MQUERY-1089718","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":696,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-MQUERY-1050858","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":686,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-MPATH-72672","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":579,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-LODASH-73638","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":365,"priorityScoreFactors":[{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-LODASH-608086","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":472,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-LODASH-450202","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":472,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-LODASH-1040724","severity":"high","title":"Command Injection","exploitMaturity":"proof-of-concept","priorityScore":467,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.2","score":360}]},{"issueId":"SNYK-JS-MONGOOSE-472486","severity":"medium","title":"Information Exposure","exploitMaturity":"no-known-exploit","priorityScore":509,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295}]},{"issueId":"SNYK-JS-MONGOOSE-1086688","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":601,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.6","score":280}]},{"issueId":"SNYK-JS-LODASH-73639","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":220,"priorityScoreFactors":[{"type":"cvssScore","label":"4.4","score":220}]},{"issueId":"SNYK-JS-LODASH-590103","severity":"critical","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":490,"priorityScoreFactors":[{"type":"cvssScore","label":"9.8","score":490}]},{"issueId":"SNYK-JS-LODASH-567746","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":636,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315}]},{"issueId":"SNYK-JS-LODASH-1018905","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":372,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265}]}],"upgrade":["SNYK-JS-MQUERY-1089718","SNYK-JS-MQUERY-1050858","SNYK-JS-MPATH-72672","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-1040724","SNYK-JS-MONGOOSE-472486","SNYK-JS-MONGOOSE-1086688","SNYK-JS-LODASH-73639","SNYK-JS-LODASH-590103","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-1018905"],"upgradeInfo":{"versionsDiff":207,"publishedDate":"2021-08-23T15:49:58.252Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[696,686,579,365,472,472,467,509,601,220,490,636,372]}) --->

+153 -64

0 comment

2 changed files

pr created time in 12 minutes

PR opened jfoclpf/form-for-parking-violation

[Snyk] Upgrade leaflet.markercluster from 1.5.0 to 1.5.1

<h3>Snyk has created this PR to upgrade leaflet.markercluster from 1.5.0 to 1.5.1.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-08-29.

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>leaflet.markercluster</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/01e74ec234305f9a3f04bf71b79fcb9ba917bbb7">01e74ec</a> 1.5.1</li> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/11317c44fc3be01b526f2739f37e41520fdccafa">11317c4</a> changelogs for 1.5.1</li> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/2630ba3e538b20eeb87cc014691fd9693ee16d57">2630ba3</a> Revert "1.5.0"</li> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/7310c9222b01c43827ba13831d7283aed917a81b">7310c92</a> Revert "spiderfy on keypress patch changelog"</li> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/c6f485bcb589dfe1e5513208296a04782a761ea4">c6f485b</a> spiderfy on keypress patch changelog</li> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/6d664b7cfeb901546b6f7d3974e6ba7c39e0c889">6d664b7</a> 1.5.0</li> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/568a90c02954a7e7220a21c0f622e667d3afce1e">568a90c</a> Merge pull request #1005 from neorth/keypress-spiderfy</li> <li><a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/commit/e1edde68d9d8a71f8c5fb5ed14b1e7278368a6d9">e1edde6</a> Spiderfy on keypress</li> </ul>

<a href="https://snyk.io/redirect/github/Leaflet/Leaflet.markercluster/compare/499f71caa1fe8a4efcf91b85e42553f9a90306f1...01e74ec234305f9a3f04bf71b79fcb9ba917bbb7">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlZGQ0ZTc1ZS01NmY2LTRlN2EtYWE3Ni01MWZmY2JlMWQzNTMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImVkZDRlNzVlLTU2ZjYtNGU3YS1hYTc2LTUxZmZjYmUxZDM1MyJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"edd4e75e-56f6-4e7a-aa76-51ffcbe1d353","prPublicId":"edd4e75e-56f6-4e7a-aa76-51ffcbe1d353","dependencies":[{"name":"leaflet.markercluster","from":"1.5.0","to":"1.5.1"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/jfoclpf/project/9657932c-37cf-4f6c-8172-f9f2550205cc?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"9657932c-37cf-4f6c-8172-f9f2550205cc","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2021-08-29T00:13:26.874Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+325 -9

0 comment

2 changed files

pr created time in 16 minutes

PR opened odo-network/react-state-modules

[Snyk] Security upgrade react-dev-utils from 5.0.1 to 11.0.0

<h3>Snyk has created this PR to fix one or more vulnerable packages in the yarn dependencies of this project.</h3>

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/redux-compare/package.json
    • examples/redux-compare/yarn.lock

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000 <br/> Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 Regular Expression Denial of Service (ReDoS) <br/>SNYK-JS-ANSIREGEX-1583908 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI5ZGM1NmFiZC05OTU2LTQ2YjUtOGFmMy00ZWI0MGY0NGMyZGQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjlkYzU2YWJkLTk5NTYtNDZiNS04YWYzLTRlYjQwZjQ0YzJkZCJ9fQ==" width="0" height="0"/><img src="https://app.snyk.io/badges/merge-advice/?package_manager=yarn&package_name=react-dev-utils&from_version=5.0.1&to_version=11.0.0&pr_id=9dc56abd-9956-46b5-8af3-4eb40f44c2dd&visibility=false&has_feature_flag=false" width="0" height="0"/> ๐Ÿง View latest project report

๐Ÿ›  Adjust project settings

๐Ÿ“š Read more about Snyk's upgrade and patch logic

+856 -322

0 comment

2 changed files

pr created time in 18 minutes

PR opened tmcgee/cmv-widgets

[Snyk] Security upgrade eslint from 6.8.0 to 7.16.0

<h3>Snyk has created this PR to fix one or more vulnerable packages in the npm dependencies of this project.</h3>

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000 <br/> Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 Regular Expression Denial of Service (ReDoS) <br/>SNYK-JS-ANSIREGEX-1583908 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>eslint</b></summary> The new version differs by 250 commits.</br> <ul> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/145aec1ab9052fbca96a44d04927c595951b1536">145aec1</a> 7.16.0</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/83518a5610020186553fce028d8564e259521be8">83518a5</a> Build: changelog update for 7.16.0</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/a62ad6f03151358b93b5fede022a30d67310705c">a62ad6f</a> Update: fix false negative of no-extra-parens with NewExpression (#13930)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/f85b4c72668c95c79fdb342b74dbd53d21baa93f">f85b4c7</a> Fix: require-atomic-updates false positive across await (fixes #11954) (#13915)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/301d0c05229dbd6cfb1045d716524e8ec46fa2c1">301d0c0</a> Fix: no-constant-condition false positives with unary expressions (#13927)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/555c128b49ae6d9c100a9f8429416417edb40d13">555c128</a> Fix: false positive with await and ** in no-extra-parens (fixes #12739) (#13923)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/d93c9350361d2aa1a1976c553e47ab399e51e8c9">d93c935</a> Docs: update JSON Schema links (#13936)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/8d0c93a7ef9449c7b7d082bbb4b7d8465b0d6bac">8d0c93a</a> Upgrade: table@6.0.4 (#13920)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/924768377a4935a95a6ff3866f9545a5a6178b53">9247683</a> Docs: Remove for deleted npm run profile script (#13931)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/ab240d49833b4e6e594667c1abe5b0caa8a9cf70">ab240d4</a> Fix: prefer-exponentiation-operator invalid autofix with await (#13924)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/dc7691103554a99bdb2142561cb507f50f547e3b">dc76911</a> Chore: Add .pre-commit-hooks.yaml file (#13628)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/2124e1b5dad30a905dc26bde9da472bf622d3f50">2124e1b</a> Docs: Fix wrong rule name (#13913)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/06b58096975935ec016d96dd5f333f059c270f26">06b5809</a> Sponsors: Sync README with website</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/26fc12f88109af9d4081bf0e16364c411bce3009">26fc12f</a> Docs: Update README team and sponsors</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/902a03219eca513a84457251ed53978a9e26fb4e">902a032</a> 7.15.0</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/6356778601809840ab0f2ffbff90a5620d7c58a5">6356778</a> Build: changelog update for 7.15.0</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/5c11aabbe8249aeb8cad29bc6a33fc20c8c683ef">5c11aab</a> Upgrade: @ eslint/esintrc and espree for bug fixes (refs #13878) (#13908)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/0eb7957e27fd521317bd5c8479ce7abc1399169c">0eb7957</a> Upgrade: file-entry-cache@6.0.0 (#13877)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/683ad00c41e1ae4d889deff82b2a94318e8c2129">683ad00</a> New: no-unsafe-optional-chaining rule (fixes #13431) (#13859)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/cbc57fb7d07c00663ed5781f5e6bc8f534cc2d76">cbc57fb</a> Fix: one-var autofixing for export (fixes #13834) (#13891)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/110cf962d05625a8a1bf7b5f4ec2194db150eb32">110cf96</a> Docs: Fix a broken link in working-with-rules.md (#13875)</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/0cb81a9b90dd6b92bac383022f886e501bd2cb31">0cb81a9</a> 7.14.0</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/fb3a594191f0aeac14042baf0bfa9aff9a05a96d">fb3a594</a> Build: changelog update for 7.14.0</li> <li><a href="https://snyk.io/redirect/github/eslint/eslint/commit/5f0907399a9666dec78c74384c8969c01483c30e">5f09073</a> Update: fix 'skip' options in no-irregular-whitespace (fixes #13852) (#13853)</li> </ul>

<a href="https://snyk.io/redirect/github/eslint/eslint/compare/9738f8cc864d769988ccf42bb70f524444df1349...145aec1ab9052fbca96a44d04927c595951b1536">See the full diff</a> </details> </details>

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkN2Y3ZGZiZS1hYWIxLTRkNGItOTJiMi0zZWNjODI3MzExMTgiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImQ3ZjdkZmJlLWFhYjEtNGQ0Yi05MmIyLTNlY2M4MjczMTExOCJ9fQ==" width="0" height="0"/> ๐Ÿง View latest project report

๐Ÿ›  Adjust project settings

๐Ÿ“š Read more about Snyk's upgrade and patch logic

+1 -1

0 comment

1 changed file

pr created time in 19 minutes

PR opened turkdevops/jquery

[Snyk] Upgrade core-js-bundle from 3.6.5 to 3.16.4

<h3>Snyk has created this PR to upgrade core-js-bundle from 3.6.5 to 3.16.4.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 27 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2021-08-29.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>core-js-bundle</b></summary> <ul> <li> <b>3.16.4</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.4">2021-08-29</a></br><ul> <li><code>AsyncFromSyncIterator</code> made stricter, related mainly to <code>AsyncIterator.from</code> and <code>AsyncIterator.prototype.flatMap</code></li> <li>Handling of optional <code>.next</code> arguments in <code>(Async)Iterator</code> methods is aligned with the current spec draft (mainly - ignoring the first passed to <code>.next</code> argument in built-in generators)</li> <li>Behavior of <code>.next</code>, <code>.return</code>, <code>.throw</code> methods on <code>AsyncIterator</code> helpers proxy iterators aligned with the current spec draft (built-in async generators) (mainly - some early errors moved to returned promises)</li> <li>Fixed some cases of safe iteration closing</li> <li>Fixed dependencies of some entry points</li> </ul> </li> <li> <b>3.16.3</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.3">2021-08-24</a></br><ul> <li>Fixed <code>CreateAsyncFromSyncIterator</code> semantic in <code>AsyncIterator.from</code>, related to <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/765" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/765/hovercard">#765</a></li> <li>Added a workaround of a specific case of broken <code>Object.prototype</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/973" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/973/hovercard">#973</a></li> </ul> </li> <li> <b>3.16.2</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.2">2021-08-17</a></br><ul> <li>Added a workaround of a Closure Compiler unsafe optimization, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/972" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/972/hovercard">#972</a></li> <li>One more fix crashing of <code>Object.create(null)</code> on WSH, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/970" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/970/hovercard">#970</a></li> <li>Added Deno 1.14 compat data mapping</li> </ul> </li> <li> <b>3.16.1</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.1">2021-08-08</a></br><ul> <li>Fixed microtask implementation on iOS Pebble, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/967" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/967/hovercard">#967</a></li> <li>Fixed some entry points</li> <li>Improved old Safari compat data</li> </ul> </li> <li> <b>3.16.0</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.0">2021-07-30</a></br><ul> <li><a href="https://snyk.io/redirect/github/tc39/proposal-array-find-from-last"><code>Array</code> find from last proposal</a> moved to the stage 3, <a href="https://snyk.io/redirect/github/tc39/proposal-array-find-from-last/pull/47" data-hovercard-type="pull_request" data-hovercard-url="/tc39/proposal-array-find-from-last/pull/47/hovercard">July 2021 TC39 meeting</a></li> <li><a href="https://snyk.io/redirect/github/tc39/proposal-array-filtering"><code>Array</code> filtering stage 1 proposal</a>: <ul> <li><code>Array.prototype.filterReject</code> replaces <code>Array.prototype.filterOut</code></li> <li><code>%TypedArray%.prototype.filterReject</code> replaces <code>%TypedArray%.prototype.filterOut</code></li> </ul> </li> <li>Added <a href="https://snyk.io/redirect/github/tc39/proposal-array-grouping"><code>Array</code> grouping stage 1 proposal</a>: <ul> <li><code>Array.prototype.groupBy</code></li> <li><code>%TypedArray%.prototype.groupBy</code></li> </ul> </li> <li>Work with symbols made stricter: some missed before cases of methods that should throw an error on symbols now works as they should</li> <li>Handling <code>@@ toPrimitive</code> in some cases of <code>ToPrimitive</code> internal logic made stricter</li> <li>Fixed work of <code>Request</code> with polyfilled <code>URLSearchParams</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/965" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/965/hovercard">#965</a></li> <li>Fixed possible exposing of collections elements metadata in some cases, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/427" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/427/hovercard">#427</a></li> <li>Fixed crashing of <code>Object.create(null)</code> on WSH, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/966" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/966/hovercard">#966</a></li> <li>Fixed some cases of typed arrays subclassing logic</li> <li>Fixed a minor bug related to string conversion in <code>RegExp#exec</code></li> <li>Fixed <code>Date.prototype.getYear</code> feature detection</li> <li>Fixed content of some entry points</li> <li>Some minor optimizations and refactoring</li> <li>Deno: <ul> <li>Added Deno support (sure, after bundling since Deno does not support CommonJS)</li> <li>Allowed <code>deno</code> target in <code>core-js-compat</code> / <code>core-js-builder</code></li> <li>A bundle for Deno published on <a href="https://deno.land/x/corejs" rel="nofollow">deno.land/x/corejs</a></li> </ul> </li> <li>Added / updated compat data / mapping: <ul> <li>Deno 1.0-1.13</li> <li>NodeJS up to 16.6</li> <li>iOS Safari up to 15.0</li> <li>Samsung Internet up to 15.0</li> <li>Opera Android up to 64</li> <li><code>Object.hasOwn</code> marked as supported from <a href="https://chromestatus.com/feature/5662263404920832" rel="nofollow">V8 9.3</a> and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1721149" rel="nofollow">FF92</a></li> <li><code>Date.prototype.getYear</code> marked as not supported in IE8-</li> </ul> </li> <li>Added <code>summary</code> option to <code>core-js-builder</code>, see more info in the <a href="https://snyk.io/redirect/github/zloirock/core-js/blob/master/packages/core-js-builder/README.md"><code>README</code></a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/910" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/910/hovercard">#910</a></li> </ul> </li> <li> <b>3.15.2</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.15.2">2021-06-29</a></br><ul> <li>Worked around breakage related to <code>zone.js</code> loaded before <code>core-js</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/953" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/953/hovercard">#953</a></li> <li>Added NodeJS 16.4 -> Chrome 91 compat data mapping</li> </ul> </li> <li> <b>3.15.1</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.15.1">2021-06-22</a></br><ul> <li>Fixed cloning of regex through <code>RegExp</code> constructor, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/948" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/948/hovercard">#948</a></li> </ul> </li> <li> <b>3.15.0</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.15.0">2021-06-20</a></br><ul> <li>Added <code>RegExp</code> named capture groups polyfill, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/521" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/521/hovercard">#521</a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/944" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/944/hovercard">#944</a></li> <li>Added <code>RegExp</code> <code>dotAll</code> flag polyfill, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/792" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/792/hovercard">#792</a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/944" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/944/hovercard">#944</a></li> <li>Added missed polyfills of <a href="https://tc39.es/ecma262/#sec-additional-built-in-properties" rel="nofollow">Annex B</a> features (required mainly for some non-browser engines), <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/336" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/336/hovercard">#336</a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/945" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/945/hovercard">#945</a>: <ul> <li><code>escape</code></li> <li><code>unescape</code></li> <li><code>String.prototype.substr</code></li> <li><code>Date.prototype.getYear</code></li> <li><code>Date.prototype.setYear</code></li> <li><code>Date.prototype.toGMTString</code></li> </ul> </li> <li>Fixed detection of forbidden host code points in <code>URL</code> polyfill</li> <li>Allowed <code>rhino</code> target in <code>core-js-compat</code> / <code>core-js-builder</code>, added compat data for <code>rhino</code> 1.7.13, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/942" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/942/hovercard">#942</a>, thanks <a href="https://snyk.io/redirect/github/gausie">@ gausie</a></li> <li><code>.at</code> marked as supported from FF90</li> </ul> </li> <li> <b>3.14.0</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.14.0">2021-06-05</a></br><ul> <li>Added polyfill of stable sort in <code>{ Array, %TypedArray% }.prototype.sort</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/769" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/769/hovercard">#769</a></li> <li>Fixed <code>Safari</code> 14.0- <code>%TypedArray%.prototype.sort</code> validation of arguments bug</li> <li><code>.at</code> marked as supported from V8 9.2</li> </ul> </li> <li> <b>3.13.1</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.13.1">2021-05-29</a></br><ul> <li>Overwrites <code>get-own-property-symbols</code> third-party <code>Symbol</code> polyfill if it's used since it causes a stack overflow, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/774" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/774/hovercard">#774</a></li> <li>Added a workaround of possible browser crash on <code>Object.prototype</code> accessors methods in WebKit ~ Android 4.0, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/232" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/232/hovercard">#232</a></li> </ul> </li> <li> <b>3.13.0</b> - 2021-05-25 </li> <li> <b>3.12.1</b> - 2021-05-08 </li> <li> <b>3.12.0</b> - 2021-05-06 </li> <li> <b>3.11.3</b> - 2021-05-05 </li> <li> <b>3.11.2</b> - 2021-05-03 </li> <li> <b>3.11.1</b> - 2021-04-28 </li> <li> <b>3.11.0</b> - 2021-04-22 </li> <li> <b>3.10.2</b> - 2021-04-19 </li> <li> <b>3.10.1</b> - 2021-04-07 </li> <li> <b>3.10.0</b> - 2021-03-31 </li> <li> <b>3.9.1</b> - 2021-02-28 </li> <li> <b>3.9.0</b> - 2021-02-18 </li> <li> <b>3.8.3</b> - 2021-01-19 </li> <li> <b>3.8.2</b> - 2021-01-03 </li> <li> <b>3.8.1</b> - 2020-12-06 </li> <li> <b>3.8.0</b> - 2020-11-25 </li> <li> <b>3.7.0</b> - 2020-11-06 </li> <li> <b>3.6.5</b> - 2020-04-10 </li> </ul> from <a href="https://snyk.io/redirect/github/zloirock/core-js/releases">core-js-bundle GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjZjk3ZmJmYS0yZmMzLTQyYTEtOTE0Zi01YWEzMDk2NGQ1MzQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImNmOTdmYmZhLTJmYzMtNDJhMS05MTRmLTVhYTMwOTY0ZDUzNCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"cf97fbfa-2fc3-42a1-914f-5aa30964d534","prPublicId":"cf97fbfa-2fc3-42a1-914f-5aa30964d534","dependencies":[{"name":"core-js-bundle","from":"3.6.5","to":"3.16.4"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/kadirselcuk/project/28ac5072-f66b-4183-bbda-99b4324cbf96?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"28ac5072-f66b-4183-bbda-99b4324cbf96","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":27,"publishedDate":"2021-08-29T14:55:50.502Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 19 minutes

PR opened catflip/DistroCamicroscope

[Snyk] Upgrade snyk from 1.349.0 to 1.695.0

<h3>Snyk has created this PR to upgrade snyk from 1.349.0 to 1.695.0.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 436 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-08-29.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-Y18N-1021887 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Remote Code Execution (RCE)<br/> SNYK-JS-PACRESOLVER-1564857 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-NORMALIZEURL-1296539 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Server-side Request Forgery (SSRF)<br/> SNYK-JS-NETMASK-1089716 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-INI-1048974 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-ANSIREGEX-1583908 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-ANSIREGEX-1583908 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-ANSIREGEX-1583908 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-ANSIREGEX-1583908 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Denial of Service (DoS)<br/> SNYK-JS-JSZIP-1251497 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Denial of Service (DoS)<br/> SNYK-JS-JSZIP-1251497 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-HOSTEDGITINFO-1088355 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-HOSTEDGITINFO-1088355 472/1000 <br/> Why? Proof of Concept exploit, CVSS 7.3 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>snyk</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/392ccd728297e1a7000d2b5d6c2b93b0c0d551b1">392ccd7</a> Merge pull request #2200 from snyk/feat/shaded-jars-snanning</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/f23fc8b55c918ecae931f36a85f61f59b3826991">f23fc8b</a> Merge pull request #2197 from snyk/test/use-fake-server-for-cli-args-tests</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/44a75a6eb13d5d64e5d3401ea79d8f20da191cdf">44a75a6</a> test: disable analytics on jest acceptance tests</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/208417dae65d15a01b285924d57ae4ca3f1e4702">208417d</a> test: use fake server for cli-args acc tests</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/075180473a80703ff704a6af84a9b609e7b642a8">0751804</a> Merge pull request #2173 from snyk/feat/cli-ff</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/747f8ceceb355d3cac0b46302a6f9c89e34eb427">747f8ce</a> feat: fail fast when `cliFailFast` feature flag is set</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/8767af0fb0cc25036b747f61037f20411c5cea64">8767af0</a> feat: Return vulns from shaded jars</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/63975cecee24ffae37e0738016ddef1c53bb41f6">63975ce</a> Merge pull request #2199 from snyk/chore/sync-snyk-fix</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/1350317a341b9190aefdcf3e9551dc16283663ba">1350317</a> Merge pull request #2091 from snyk/chore/remove-jq-from-docker</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/6d9008d9da2224262e598db9b0eb175de91f3e10">6d9008d</a> chore: always use local @ snyk/fix package</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/cdc35ac4e99522935c55029a99a68d67545a6ea9">cdc35ac</a> feat: remove default HTML report from Docker images</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/a7d362bd5a5116752f12bc3e5e71dc3583893e30">a7d362b</a> Merge pull request #2174 from snyk/chore/codeowners</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/72c316ab6a2056a3980aba8718baa8171864c583">72c316a</a> chore: update codeowners</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/9a9fc9f209601998d88d96211767135bcc8b3e6c">9a9fc9f</a> Merge pull request #2198 from snyk/feat/add-vs-code-as-analytics-source</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/0cfd4cc5ddd5980888ae6fa59137b2d389ae8aca">0cfd4cc</a> test: use real path in createProject for macOs /private paths</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/28b66a61f58986e0bbdb952adc5efada76aaafe5">28b66a6</a> feat: add VS Code as an integration</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/153f733698aa851be16a40beaf047ac239b8201e">153f733</a> refactor: caching for `cliFailFast` feature flag</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/62298406c786ea032b0a22ea0e6d0d22d5ca2937">6229840</a> Merge pull request #2188 from snyk/fix/snyk-fix-deeply-nested-requirements</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/c499b6918f2c97ebcb2a9bae215ee275bac65082">c499b69</a> fix(@ snyk/fix): support deeply nested requires in req*.txt</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/bf40406a837f7423017d8da75cdca6d5966354ce">bf40406</a> Merge pull request #2189 from snyk/fix/o-auth-feature-flag</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/2e5c2c7996de721d798b01385d8a21ac4b16caca">2e5c2c7</a> Merge pull request #2195 from snyk/fix/revert-pip-dep-graph</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/1611084cc787a19d101e0acfb3f4800aa33556e9">1611084</a> test: improve test naming</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/0095f379d4fdcf462717acb16ae5a28a0aad1542">0095f37</a> fix: support oauth tokens for feature flags</li> <li><a href="https://snyk.io/redirect/github/snyk/snyk/commit/1c7ff9f2ec22e640d8a3a35e915107f7d8236432">1c7ff9f</a> fix: revert python plugin upgrade</li> </ul>

<a href="https://snyk.io/redirect/github/snyk/snyk/compare/a5fbc921488b40a56ebf9dc56d4c5eb0d0cc9b63...392ccd728297e1a7000d2b5d6c2b93b0c0d551b1">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4M2FiZGVjNC0yOTkwLTRlMzQtOGY5NS04NzgzMDA5ZTc5YTkiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjgzYWJkZWM0LTI5OTAtNGUzNC04Zjk1LTg3ODMwMDllNzlhOSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"83abdec4-2990-4e34-8f95-8783009e79a9","prPublicId":"83abdec4-2990-4e34-8f95-8783009e79a9","dependencies":[{"name":"snyk","from":"1.349.0","to":"1.695.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/spiritbro1/project/8f539bb3-6eee-452d-bcd4-5b93a1d8b8d3?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"8f539bb3-6eee-452d-bcd4-5b93a1d8b8d3","env":"prod","prType":"upgrade","vulns":["SNYK-JS-Y18N-1021887","SNYK-JS-PACRESOLVER-1564857","SNYK-JS-NORMALIZEURL-1296539","SNYK-JS-NETMASK-1089716","SNYK-JS-INI-1048974","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-JSZIP-1251497","SNYK-JS-JSZIP-1251497","SNYK-JS-HOSTEDGITINFO-1088355","SNYK-JS-HOSTEDGITINFO-1088355"],"issuesToFix":[{"issueId":"SNYK-JS-Y18N-1021887","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":472,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-PACRESOLVER-1564857","severity":"high","title":"Remote Code Execution (RCE)","exploitMaturity":"proof-of-concept","priorityScore":766,"priorityScoreFactors":[{"type":"socialTrends","label":true,"score":111},{"type":"exploit","label":"Proof of Concept","score":83},{"type":"fixability","label":true,"score":167},{"type":"cvssScore","label":"8.1","score":405}]},{"issueId":"SNYK-JS-NORMALIZEURL-1296539","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":375,"priorityScoreFactors":[{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-NETMASK-1089716","severity":"high","title":"Server-side Request Forgery (SSRF)","exploitMaturity":"proof-of-concept","priorityScore":706,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385}]},{"issueId":"SNYK-JS-INI-1048974","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":472,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-ANSIREGEX-1583908","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":554,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-ANSIREGEX-1583908","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":768,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-ANSIREGEX-1583908","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":768,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-ANSIREGEX-1583908","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":768,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-JSZIP-1251497","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"proof-of-concept","priorityScore":586,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-JSZIP-1251497","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"proof-of-concept","priorityScore":372,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-HOSTEDGITINFO-1088355","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":372,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-HOSTEDGITINFO-1088355","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":372,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265}]}],"upgrade":["SNYK-JS-Y18N-1021887","SNYK-JS-PACRESOLVER-1564857","SNYK-JS-NORMALIZEURL-1296539","SNYK-JS-NETMASK-1089716","SNYK-JS-INI-1048974","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-JSZIP-1251497","SNYK-JS-JSZIP-1251497","SNYK-JS-HOSTEDGITINFO-1088355","SNYK-JS-HOSTEDGITINFO-1088355"],"upgradeInfo":{"versionsDiff":436,"publishedDate":"2021-08-29T07:14:29.358Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[472,766,375,706,472,554,768,768,768,586,372,372,372]}) --->

+42 -3294

0 comment

2 changed files

pr created time in 20 minutes

PR opened javifelices/uncss

[Snyk] Upgrade css from 2.1.0 to 2.2.4

<h3>Snyk has created this PR to upgrade css from 2.1.0 to 2.2.4.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2018-09-04.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Uninitialized Memory Exposure<br/> npm:atob:20180429 711/1000 <br/> Why? Mature exploit, Has a fix available, CVSS 6.5 Mature

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>css</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/64910e8474385e4fde8cfe5369a9b768f3e08ac5">64910e8</a> 2.2.4</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/042922e8fac3fadf98f8243ec8789cc4687e5179">042922e</a> Upgrade dependencies (#115)</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/5b0e0cdf93fc820ed61858466aa9f70496b6e9b7">5b0e0cd</a> 2.2.3</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/4653d81dc710e026076dc0c41e7ac31cd571056f">4653d81</a> Allow the readme into the npm dist</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/438bd113e2e56e44ff33e0a9b8cfb3bd835df5d1">438bd11</a> 2.2.2</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/e91bb74051469d9c521b1b966460b44877e961fb">e91bb74</a> upgrade source-map-resolve (#112)</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/0f5ad51455739f8e03478918f54840b566491118">0f5ad51</a> Merge pull request #86 from dominicbarnes/master</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/a70d6aaa51c86ccfe474be9f280e06f4baa82198">a70d6aa</a> include optional source on returned stylesheet object (fixes #85)</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/dd81540755d8b436085ff2dc9b9f35d1ce2beff5">dd81540</a> Update History.md</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/e38b6f1cc03aa36ff161a3da96b5c7510bd41ca7">e38b6f1</a> 2.2.1</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/254dc303322c899eaa2da94c6b51276bbc3b2dbf">254dc30</a> Simplify regexp</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/5916733734f3cdbf38fcab855f43588f2669be45">5916733</a> Add test for #75</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/fbfe170f2e4b4888830a47da3a55f790b05ab116">fbfe170</a> Merge pull request #76 from DenVdmj/patch-1</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/ba833114c7b08550c5baf752a776a8b6af46a7d0">ba83311</a> Fix for parsing quoted values in selector</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/dc8ae04cac6fe961feed06804cc319b5d4917ca0">dc8ae04</a> Merge pull request #73 from paulclark/master</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/205b83434ce180ba3140a8934cfcf318bece8e83">205b834</a> fix typo</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/1605bda7aa3107c83f67e0dfb9b3437cfb21adcb">1605bda</a> Merge pull request #69 from iamdustan/link-to-ast-explorer</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/735d8e4cc8e4dd6fbea5c4bad85d727f83496cd5">735d8e4</a> Link to the reworkcss AST explorer</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/cd8b2b74741ecb6b4891c0659cc9ab3fa81319af">cd8b2b7</a> Correct date in History.md</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/321111c162c66c6e30c62918fe9f98552713a979">321111c</a> 2.2.0</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/40c55f5e190b459b582910b6ca956d2026347c32">40c55f5</a> Update History.md</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/30a8a2f7a08254c255304c58434edc9b6fbd2f67">30a8a2f</a> Merge pull request #64 from gmetais/listErrors</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/0b4b2c342d5bec54881d35f3464dc7d092fb3ec8">0b4b2c3</a> List errors in the result obj when parsing in silent mode</li> <li><a href="https://snyk.io/redirect/github/reworkcss/css/commit/4640aaa49800e95eb25337f41afb2401ffd579a5">4640aaa</a> Merge pull request #58 from reworkcss/at-rule-linebreak</li> </ul>

<a href="https://snyk.io/redirect/github/reworkcss/css/compare/341257afa838c64181b89951703faf78f3befa7f...64910e8474385e4fde8cfe5369a9b768f3e08ac5">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlZWFhZDRlOS0zNzg4LTQ5ZjktYTAyNy02ODQzMTM1ODUzZDkiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImVlYWFkNGU5LTM3ODgtNDlmOS1hMDI3LTY4NDMxMzU4NTNkOSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"eeaad4e9-3788-49f9-a027-6843135853d9","prPublicId":"eeaad4e9-3788-49f9-a027-6843135853d9","dependencies":[{"name":"css","from":"2.1.0","to":"2.2.4"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/d3ce571f-c1c9-4b65-8b4f-36c5fd096ace?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"d3ce571f-c1c9-4b65-8b4f-36c5fd096ace","env":"prod","prType":"upgrade","vulns":["npm:atob:20180429"],"issuesToFix":[{"issueId":"npm:atob:20180429","severity":"medium","title":"Uninitialized Memory Exposure","exploitMaturity":"mature","priorityScore":711,"priorityScoreFactors":[{"type":"exploit","label":"Functional","score":171},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325}]}],"upgrade":["npm:atob:20180429"],"upgradeInfo":{"versionsDiff":5,"publishedDate":"2018-09-04T15:52:21.306Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[711]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/uncss

[Snyk] Upgrade underscore from 1.7.0 to 1.13.1

<h3>Snyk has created this PR to upgrade underscore from 1.7.0 to 1.13.1.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 19 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2021-04-15.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Arbitrary Code Injection<br/> SNYK-JS-UNDERSCORE-1080984 596/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 5.5 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>underscore</b></summary> <ul> <li> <b>1.13.1</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.1">2021-04-15</a></br><p>Restores the underscore.js UMD alias to git</p> </li> <li> <b>1.13.0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0">2021-04-09</a></br><p>Node.js native ESM support in main release stream, docs updates</p> </li> <li> <b>1.13.0-3</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-3">2021-03-31</a></br><p>Preview release that adds the "module" exports condition</p> </li> <li> <b>1.13.0-2</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-2">2021-03-15</a></br><p>Preview of 1.13.0 with security fix from 1.12.1</p> </li> <li> <b>1.13.0-1</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-1">2021-03-11</a></br><p>Bugfix for the new Node.js 12+ native ESM entry point</p> </li> <li> <b>1.13.0-0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-0">2021-03-10</a></br><p>Node.js native ESM support (prerelease), _.debounce optimization</p> </li> <li> <b>1.12.1</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.12.1">2021-03-15</a></br><p>Security fix in _.template and restored optimization in .debounce.</p> </li> <li> <b>1.12.0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.12.0">2020-11-24</a></br><p>.get, _.toPath, bugfixes, compatibility, performance and testing.</p> </li> <li> <b>1.11.0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.11.0">2020-08-28</a></br><p>Prepare 1.11.0</p> </li> <li> <b>1.10.2</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.10.2">2020-03-30</a></br><p>Underscore.js 1.10.2</p> </li> <li> <b>1.10.1</b> - 2020-03-30 </li> <li> <b>1.10.0</b> - 2020-03-30 </li> <li> <b>1.9.2</b> - 2020-01-06 </li> <li> <b>1.9.1</b> - 2018-05-31 </li> <li> <b>1.9.0</b> - 2018-04-18 </li> <li> <b>1.8.3</b> - 2015-04-02 </li> <li> <b>1.8.2</b> - 2015-02-22 </li> <li> <b>1.8.1</b> - 2015-02-20 </li> <li> <b>1.8.0</b> - 2015-02-20 </li> <li> <b>1.7.0</b> - 2014-08-26 </li> </ul> from <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases">underscore GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxNmFiODVjNy0yN2Q1LTQ1YWEtYmIwZC1lY2EzMjE1YWI3MTgiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjE2YWI4NWM3LTI3ZDUtNDVhYS1iYjBkLWVjYTMyMTVhYjcxOCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"16ab85c7-27d5-45aa-bb0d-eca3215ab718","prPublicId":"16ab85c7-27d5-45aa-bb0d-eca3215ab718","dependencies":[{"name":"underscore","from":"1.7.0","to":"1.13.1"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/d3ce571f-c1c9-4b65-8b4f-36c5fd096ace?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"d3ce571f-c1c9-4b65-8b4f-36c5fd096ace","env":"prod","prType":"upgrade","vulns":["SNYK-JS-UNDERSCORE-1080984"],"issuesToFix":[{"issueId":"SNYK-JS-UNDERSCORE-1080984","severity":"medium","title":"Arbitrary Code Injection","exploitMaturity":"proof-of-concept","priorityScore":596,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275}]}],"upgrade":["SNYK-JS-UNDERSCORE-1080984"],"upgradeInfo":{"versionsDiff":19,"publishedDate":"2021-04-15T13:17:20.461Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[596]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/uncss

[Snyk] Upgrade commander from 2.3.0 to 2.20.3

<h3>Snyk has created this PR to upgrade commander from 2.3.0 to 2.20.3.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 27 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2019-10-11.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>commander</b></summary> <ul> <li> <b>2.20.3</b> - <a href="https://snyk.io/redirect/github/tj/commander.js/releases/tag/v2.20.3">2019-10-11</a></br><p>Ran "npm unpublish commander@2.20.2". There is no 2.20.2.</p> <h3>Fixed</h3> <ul> <li>Support Node.js 0.10 (Revert <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="499748259" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/1059" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/1059/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/1059">#1059</a>)</li> </ul> </li> <li> <b>2.20.1</b> - <a href="https://snyk.io/redirect/github/tj/commander.js/releases/tag/v2.20.1">2019-09-28</a></br><h3>Fixed</h3> <ul> <li>Improve tracking of executable subcommands.</li> </ul> <h3>Changed</h3> <ul> <li>update development dependencies</li> </ul> <p>Credits:</p> <ul> <li>issue identified by Checkmarx Application Security Research Team</li> </ul> </li> <li> <b>2.20.0</b> - <a href="https://snyk.io/redirect/github/tj/commander.js/releases/tag/v2.20.0">2019-04-03</a></br><ul> <li>fix: resolve symbolic links completely when hunting for subcommands (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="423935620" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/935" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/935/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/935">#935</a>)</li> <li>Update index.d.ts (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="420816836" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/930" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/930/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/930">#930</a>)</li> <li>Update Readme.md (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="416373850" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/924" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/924/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/924">#924</a>)</li> <li>Remove --save option as it isn't required anymore (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="411618930" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/918" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/918/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/918">#918</a>)</li> <li>Add link to the license file (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="394535998" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/900" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/900/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/900">#900</a>)</li> <li>Added example of receiving args from options (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="357478393" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/858" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/858/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/858">#858</a>)</li> <li>Added missing semicolon (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="372267871" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/882" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/882/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/882">#882</a>)</li> <li>Add extension to .eslintrc (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="367918802" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/876" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/876/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/876">#876</a>)</li> </ul> </li> <li> <b>2.19.0</b> - <a href="https://snyk.io/redirect/github/tj/commander.js/releases/tag/v2.19.0">2018-10-08</a></br><ul> <li>Removed newline after Options and Commands headers (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="360716048" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/864" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/864/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/864">#864</a>)</li> <li>Bugfix - Error output (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="360713826" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/862" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/862/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/862">#862</a>)</li> <li>Fix to change default value to string (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="356346490" data-permission-text="Title is private" data-url="https://github.com/tj/commander.js/issues/856" data-hovercard-type="pull_request" data-hovercard-url="/tj/commander.js/pull/856/hovercard" href="https://snyk.io/redirect/github/tj/commander.js/pull/856">#856</a>)</li> </ul> </li> <li> <b>2.18.0</b> - 2018-09-07 </li> <li> <b>2.17.1</b> - 2018-08-07 </li> <li> <b>2.17.0</b> - 2018-08-04 </li> <li> <b>2.16.0</b> - 2018-06-29 </li> <li> <b>2.15.1</b> - 2018-03-20 </li> <li> <b>2.15.0</b> - 2018-03-08 </li> <li> <b>2.14.1</b> - 2018-02-07 </li> <li> <b>2.14.0</b> - 2018-02-06 </li> <li> <b>2.13.0</b> - 2018-01-11 </li> <li> <b>2.12.2</b> - 2017-11-28 </li> <li> <b>2.12.1</b> - 2017-11-23 </li> <li> <b>2.12.0</b> - 2017-11-22 </li> <li> <b>2.11.0</b> - 2017-07-03 </li> <li> <b>2.10.0</b> - 2017-06-23 </li> <li> <b>2.9.0</b> - 2015-10-13 </li> <li> <b>2.8.1</b> - 2015-04-24 </li> <li> <b>2.8.0</b> - 2015-04-14 </li> <li> <b>2.7.1</b> - 2015-03-11 </li> <li> <b>2.7.0</b> - 2015-03-09 </li> <li> <b>2.6.0</b> - 2014-12-29 </li> <li> <b>2.5.1</b> - 2014-12-15 </li> <li> <b>2.5.0</b> - 2014-10-24 </li> <li> <b>2.4.0</b> - 2014-10-17 </li> <li> <b>2.3.0</b> - 2014-07-16 </li> </ul> from <a href="https://snyk.io/redirect/github/tj/commander.js/releases">commander GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>commander</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/6b8499b24f4f6498ad630c50c8a00c9579a8536b">6b8499b</a> Version bump 2.20.3 (#1075)</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/a591f870f552e8cffa7bbb00d8345b2c969251bb">a591f87</a> Support Node.js 0.10 (Revert #1059) (#1074)</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/48b02f06da3b96b200a973aaa1f7e40287882e8a">48b02f0</a> Improve 2.x executable subcommand tracking and update dependencies (#1059)</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/3e8bf54b9b2fb3960fc2320a4174aa79efca90fa">3e8bf54</a> Merge pull request #946 from abetomo/version_bump_2.20.0</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/1ffcbefb1545767bd81f63dcff1a75c0d7deb8a1">1ffcbef</a> version bump 2.20.0</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/50922d84573b01a8c7df3a348e7827e90e356fc4">50922d8</a> Merge pull request #935 from MarshallOfSound/fix-deep-sym-link-resolution</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/994d24ddad4c1139d1ea3d5f94286f6d79b61f99">994d24d</a> fix: resolve symbol links until their are no more symbolic links</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/291fc04a405605e056b4e31af64927b8f811f0d7">291fc04</a> Merge pull request #930 from kira1928/update-index.d.ts</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/a4691373f301a6f3060078899eab4fd8d1a8fa8c">a469137</a> some more fix.</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/a67994996a07cd871eb56147bd21a58aaa93ff1d">a679949</a> Refine variable name. Use strict type definition instead of</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/e31bb8ad665c64d53ae690aa21a35579a42e8c08">e31bb8a</a> Update index.d.ts</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/45423069d96fa79258b1cddc9c6a2ed07fb23969">4542306</a> Merge pull request #924 from ForJing/patch-1</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/77bb5807476fef649bbc1721c0e9e6ef59b9b560">77bb580</a> Update Readme.md</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/68545af7130967bc1a35ae30e9567d78c5e56d8a">68545af</a> Remove --save option as it isn't required anymore</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/82d0d0ae6d66163f5c97ce56031b796621bef4ce">82d0d0a</a> fix url :construction:</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/cec57f5508711f3222cf434ccd46fafb5d6114a0">cec57f5</a> Add link to the license file :+1:</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/d24008158d0870a6df2279dc93c7a36d3f41926d">d240081</a> Update Readme.md</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/03f7d387013594e98a18e4561c8e059ab8fe0a93">03f7d38</a> Added example of receiving args from options</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/27aeac1c2d3a81977592f4b772b8b9f7a6b7560d">27aeac1</a> Merge pull request #882 from reviewher/patch-1</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/f054510f17cf745b054f3e9b3b31b4171883ee46">f054510</a> Added missing semicolon</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/700130ee5db09d1529e89dbce74709d215640fed">700130e</a> Add extension to .eslintrc</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/78b7dbd18aabc23ccc9d151db411913237a3c483">78b7dbd</a> version bump 2.19.0</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/6aafa200211727ac80401ee7e4188be043e56a83">6aafa20</a> prefixed error messages with "error:"</li> <li><a href="https://snyk.io/redirect/github/tj/commander.js/commit/6c0c1f64b63374dc554145fcf26dcbc3a60732db">6c0c1f6</a> removed newline above and below errors</li> </ul>

<a href="https://snyk.io/redirect/github/tj/commander.js/compare/7e9f407ec03d4371a478c2fe417db4998ecb6169...6b8499b24f4f6498ad630c50c8a00c9579a8536b">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiNzliMTRiZi04MTE4LTQzODYtODRjNC00MGQ5MWY5NTY1MjIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImI3OWIxNGJmLTgxMTgtNDM4Ni04NGM0LTQwZDkxZjk1NjUyMiJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"b79b14bf-8118-4386-84c4-40d91f956522","prPublicId":"b79b14bf-8118-4386-84c4-40d91f956522","dependencies":[{"name":"commander","from":"2.3.0","to":"2.20.3"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/d3ce571f-c1c9-4b65-8b4f-36c5fd096ace?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"d3ce571f-c1c9-4b65-8b4f-36c5fd096ace","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":27,"publishedDate":"2019-10-11T05:40:24.166Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/babel

[Snyk] Upgrade json5 from 0.4.0 to 0.5.1

<h3>Snyk has created this PR to upgrade json5 from 0.4.0 to 0.5.1.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 5 years ago, on 2016-11-27.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>json5</b></summary> <ul> <li> <b>0.5.1</b> - <a href="https://snyk.io/redirect/github/json5/json5/releases/tag/v0.5.1">2016-11-27</a></br>No content. </li> <li> <b>0.5.0</b> - <a href="https://snyk.io/redirect/github/json5/json5/releases/tag/v0.5.0">2016-03-17</a></br><p>This release includes major internal changes and public API enhancements.</p> <ul> <li><strong>Major:</strong> JSON5 officially supports Node.js v4 LTS and v5. Support for<br> Node.js v0.6 and v0.8 have been dropped, while support for v0.10 and v0.12<br> remain.</li> <li>Fix: YUI Compressor no longer fails when compressing json5.js. (<a href="https://snyk.io/redirect/github/aseemk/json5/pull/97" data-hovercard-type="pull_request" data-hovercard-url="/json5/json5/pull/97/hovercard">#97</a>)</li> <li>New: <code>parse</code> and the CLI provide line and column numbers when displaying error<br> messages. (<a href="https://snyk.io/redirect/github/aseemk/json5/pull/101" data-hovercard-type="pull_request" data-hovercard-url="/json5/json5/pull/101/hovercard">#101</a>; awesome work by <a href="https://snyk.io/redirect/github/amb26">@ amb26</a>.)</li> </ul> </li> <li> <b>0.4.0</b> - <a href="https://snyk.io/redirect/github/json5/json5/releases/tag/v0.4.0">2014-11-05</a></br><p>Bump to v0.4.0; update changelog; publish!</p> </li> </ul> from <a href="https://snyk.io/redirect/github/json5/json5/releases">json5 GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI3OTI4ZGEyMS0wOGE5LTQ0ZjktOTgwNy0xZTBlNDkwMzgzMTUiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6Ijc5MjhkYTIxLTA4YTktNDRmOS05ODA3LTFlMGU0OTAzODMxNSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"7928da21-08a9-44f9-9807-1e0e49038315","prPublicId":"7928da21-08a9-44f9-9807-1e0e49038315","dependencies":[{"name":"json5","from":"0.4.0","to":"0.5.1"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/ecd956d6-2765-4d61-8ccc-c2393e978f06?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"ecd956d6-2765-4d61-8ccc-c2393e978f06","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":2,"publishedDate":"2016-11-27T22:07:14.862Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/uncss

[Snyk] Upgrade request from 2.44.0 to 2.88.2

<h3>Snyk has created this PR to upgrade request from 2.44.0 to 2.88.2.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 45 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2020-02-11.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Timing Attack<br/> npm:http-signature:20150122 539/1000 <br/> Why? Has a fix available, CVSS 6.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png" width="20" height="20" title="low severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:mime:20170907 539/1000 <br/> Why? Has a fix available, CVSS 6.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png" width="20" height="20" title="low severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:hawk:20160119 539/1000 <br/> Why? Has a fix available, CVSS 6.5 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>request</b></summary> <ul> <li> <b>2.88.2</b> - 2020-02-11 </li> <li> <b>2.88.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.88.0">2018-08-10</a></br><p>2.88.0</p> </li> <li> <b>2.87.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.87.0">2018-05-21</a></br><p>2.87.0</p> </li> <li> <b>2.86.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.86.0">2018-05-15</a></br><p>2.86.0</p> </li> <li> <b>2.85.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.85.0">2018-03-12</a></br><p>2.85.0</p> </li> <li> <b>2.84.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.84.0">2018-03-12</a></br><p>2.84.0</p> </li> <li> <b>2.83.0</b> - 2017-09-27 </li> <li> <b>2.82.0</b> - 2017-09-19 </li> <li> <b>2.81.0</b> - 2017-03-09 </li> <li> <b>2.80.0</b> - 2017-03-04 </li> <li> <b>2.79.0</b> - 2016-11-18 </li> <li> <b>2.78.0</b> - 2016-11-03 </li> <li> <b>2.77.0</b> - 2016-11-03 </li> <li> <b>2.76.0</b> - 2016-10-25 </li> <li> <b>2.75.0</b> - 2016-09-17 </li> <li> <b>2.74.0</b> - 2016-07-22 </li> <li> <b>2.73.0</b> - 2016-07-09 </li> <li> <b>2.72.0</b> - 2016-04-17 </li> <li> <b>2.71.0</b> - 2016-04-12 </li> <li> <b>2.70.0</b> - 2016-04-05 </li> <li> <b>2.69.0</b> - 2016-01-27 </li> <li> <b>2.68.0</b> - 2016-01-27 </li> <li> <b>2.67.0</b> - 2015-11-19 </li> <li> <b>2.66.0</b> - 2015-11-18 </li> <li> <b>2.65.0</b> - 2015-10-11 </li> <li> <b>2.64.0</b> - 2015-09-25 </li> <li> <b>2.63.0</b> - 2015-09-21 </li> <li> <b>2.62.0</b> - 2015-09-15 </li> <li> <b>2.61.0</b> - 2015-08-19 </li> <li> <b>2.60.0</b> - 2015-07-21 </li> <li> <b>2.59.0</b> - 2015-07-20 </li> <li> <b>2.58.0</b> - 2015-06-16 </li> <li> <b>2.57.0</b> - 2015-05-31 </li> <li> <b>2.56.0</b> - 2015-05-28 </li> <li> <b>2.55.0</b> - 2015-04-05 </li> <li> <b>2.54.0</b> - 2015-03-24 </li> <li> <b>2.53.0</b> - 2015-02-02 </li> <li> <b>2.52.0</b> - 2015-02-02 </li> <li> <b>2.51.0</b> - 2014-12-10 </li> <li> <b>2.50.0</b> - 2014-12-09 </li> <li> <b>2.49.0</b> - 2014-11-28 </li> <li> <b>2.48.0</b> - 2014-11-12 </li> <li> <b>2.47.0</b> - 2014-10-26 </li> <li> <b>2.46.0</b> - 2014-10-23 </li> <li> <b>2.45.0</b> - 2014-10-06 </li> <li> <b>2.44.0</b> - 2014-09-18 </li> </ul> from <a href="https://snyk.io/redirect/github/request/request/releases">request GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIyNTQ0ODRmYy1lY2IyLTQ2ZGQtODUyNi0zMTg4OGIzMzE1M2QiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjI1NDQ4NGZjLWVjYjItNDZkZC04NTI2LTMxODg4YjMzMTUzZCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"254484fc-ecb2-46dd-8526-31888b33153d","prPublicId":"254484fc-ecb2-46dd-8526-31888b33153d","dependencies":[{"name":"request","from":"2.44.0","to":"2.88.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/d3ce571f-c1c9-4b65-8b4f-36c5fd096ace?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"d3ce571f-c1c9-4b65-8b4f-36c5fd096ace","env":"prod","prType":"upgrade","vulns":["npm:http-signature:20150122","npm:mime:20170907","npm:hawk:20160119"],"issuesToFix":[{"issueId":"npm:http-signature:20150122","severity":"medium","title":"Timing Attack","exploitMaturity":"no-known-exploit","priorityScore":539,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325}]},{"issueId":"npm:mime:20170907","severity":"low","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":399,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185}]},{"issueId":"npm:hawk:20160119","severity":"low","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":399,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185}]}],"upgrade":["npm:http-signature:20150122","npm:mime:20170907","npm:hawk:20160119"],"upgradeInfo":{"versionsDiff":45,"publishedDate":"2020-02-11T16:35:36.122Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[539,399,399]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/Herramientas-Frontend-2015

[Snyk] Upgrade cheerio from 0.19.0 to 0.22.0

<h3>Snyk has created this PR to upgrade cheerio from 0.19.0 to 0.22.0.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 5 years ago, on 2016-08-23.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-73638 579/1000 <br/> Why? Has a fix available, CVSS 7.3 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-608086 579/1000 <br/> Why? Has a fix available, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-450202 579/1000 <br/> Why? Has a fix available, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Command Injection<br/> SNYK-JS-LODASH-1040724 579/1000 <br/> Why? Has a fix available, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Prototype Pollution<br/> npm:lodash:20180130 579/1000 <br/> Why? Has a fix available, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-LODASH-73639 579/1000 <br/> Why? Has a fix available, CVSS 7.3 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png" width="20" height="20" title="critical severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-590103 579/1000 <br/> Why? Has a fix available, CVSS 7.3 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Prototype Pollution<br/> SNYK-JS-LODASH-567746 579/1000 <br/> Why? Has a fix available, CVSS 7.3 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-LODASH-1018905 579/1000 <br/> Why? Has a fix available, CVSS 7.3 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>cheerio</b></summary> <ul> <li> <b>0.22.0</b> - 2016-08-23 </li> <li> <b>0.20.0</b> - 2016-02-01 </li> <li> <b>0.19.0</b> - 2015-03-21 </li> </ul> from <a href="https://snyk.io/redirect/github/cheeriojs/cheerio/releases">cheerio GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>cheerio</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/35c4917205dca9d08139c95419e2626c0689e38a">35c4917</a> Release 0.21.0</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/1d2e8a7676ba74f73ea2d96bcd68b12541a46d03">1d2e8a7</a> Return undefined in .prop if given an invalid element or tag (#880)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/df55c932ffbb08f8c8fad4107cccfb78c191eb8a">df55c93</a> Merge pull request #884 from cheeriojs/readme-cleanup</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/bbceb09407ffe0d37407405a4fab5e2360f802d9">bbceb09</a> readme updates</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/010b718e67460ac5be13b264feaa688d40531d64">010b718</a> Merge pull request #881 from piamancini/patch-1</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/4997e70c8e1ab050189b2558c309ebc11c8b60a2">4997e70</a> Added backers and sponsors from OpenCollective</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/4ccb41b9d8fbe10cc40849bc361b7ee9d9028daf">4ccb41b</a> Use jQuery from the jquery module in benchmarks (#871)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/54359c92625c305f20fe765d54f7a4adde260892">54359c9</a> Document, test, and extend static `$.text` method (#855)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/c6612f38837345d7b06fe7654067f56d9a22cf3c">c6612f3</a> Fix typo on calling _.extend (#861)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/ed60b343ca54277430ad3bf18d7fd32ffc487ef9">ed60b34</a> 0.21.0</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/79d4e5e6f2d2310eed09b83f6ccfd9e4961aa4b1">79d4e5e</a> Update versions (#870)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/e7d18af05ff1d23f17d858590e2e1d299f7bdf75">e7d18af</a> Use individual lodash functions (#864)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/e65ad72cad8fb696e0f3475b127c93492feca04d">e65ad72</a> Added `.serialize()` support. Fixes #69 (#827)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/df39f337921797203c778b3b49bcf0f811ee717c">df39f33</a> Update Readme.md (#857)</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/7b59afbc7a6aa39376021593e011bf718350bcb4">7b59afb</a> add extension for JSON require call</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/d0551dc41c3a733d6599d426afda5e949787e07b">d0551dc</a> remove gittask badge</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/f500197155d4e03e7e03fa51925d9cc0aca778fc">f500197</a> Merge pull request #672 from underdogio/dev/checkbox.radio.values.sqwished</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/046071a41f33008db7c3489c99a5077a2de69d93">046071a</a> Added default value for checkboxes/radios</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/c3ec1cd7bff41da0033bdc45375d77844f0f81c0">c3ec1cd</a> Release 0.20.0</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/ef848ca5b05c4f3d98a097c6237eeafa30bbab28">ef848ca</a> Add coveralls badge, remove link to old report</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/dbcbe90dfe71e3c66418f625e932051cc95b70c0">dbcbe90</a> Merge pull request #808 from leifhanack/lodash4</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/c04ead1984c61b7d7e5272aa24a48206d5f3407a">c04ead1</a> Merge pull request #668 from rwaldin/prop-method</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/b5531bbc9ac5265f28644debfb5f8ef50e74099e">b5531bb</a> Merge pull request #671 from twolfson/dev/fallback.select.content.sqwished</li> <li><a href="https://snyk.io/redirect/github/cheeriojs/cheerio/commit/9d98bd737e164aefbdcb20a8d549c8eb56ef888d">9d98bd7</a> Merge pull request #704 from Rycochet/master</li> </ul>

<a href="https://snyk.io/redirect/github/cheeriojs/cheerio/compare/9e3746d391c47a09ad5b130d770c747a0d673869...35c4917205dca9d08139c95419e2626c0689e38a">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiYWNhYWRlZi04MzI4LTQ3OGItOWM5NS05M2Q4ZDZiNjUyNGUiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImJhY2FhZGVmLTgzMjgtNDc4Yi05Yzk1LTkzZDhkNmI2NTI0ZSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"bacaadef-8328-478b-9c95-93d8d6b6524e","prPublicId":"bacaadef-8328-478b-9c95-93d8d6b6524e","dependencies":[{"name":"cheerio","from":"0.19.0","to":"0.22.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/6e2c9898-4713-4d17-a2c8-4b2157989b45?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"6e2c9898-4713-4d17-a2c8-4b2157989b45","env":"prod","prType":"upgrade","vulns":["SNYK-JS-LODASH-73638","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-1040724","npm:lodash:20180130","SNYK-JS-LODASH-73639","SNYK-JS-LODASH-590103","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-1018905"],"issuesToFix":[{"issueId":"SNYK-JS-LODASH-73638","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":579,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-LODASH-608086","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":686,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-LODASH-450202","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":686,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365}]},{"issueId":"SNYK-JS-LODASH-1040724","severity":"high","title":"Command Injection","exploitMaturity":"proof-of-concept","priorityScore":681,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360}]},{"issueId":"npm:lodash:20180130","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":636,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315}]},{"issueId":"SNYK-JS-LODASH-73639","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":434,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.4","score":220}]},{"issueId":"SNYK-JS-LODASH-590103","severity":"critical","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":704,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.8","score":490}]},{"issueId":"SNYK-JS-LODASH-567746","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":636,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315}]},{"issueId":"SNYK-JS-LODASH-1018905","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":586,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265}]}],"upgrade":["SNYK-JS-LODASH-73638","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-1040724","npm:lodash:20180130","SNYK-JS-LODASH-73639","SNYK-JS-LODASH-590103","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-1018905"],"upgradeInfo":{"versionsDiff":2,"publishedDate":"2016-08-23T12:21:40.447Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[579,686,686,681,636,434,704,636,586]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/Herramientas-Frontend-2015

[Snyk] Upgrade request from 2.67.0 to 2.88.2

<h3>Snyk has created this PR to upgrade request from 2.67.0 to 2.88.2.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 22 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2020-02-11.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:tough-cookie:20160722 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Prototype Override Protection Bypass<br/> npm:qs:20170213 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Remote Memory Exposure<br/> SNYK-JS-BL-608877 589/1000 <br/> Why? Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-ANSIREGEX-1583908 589/1000 <br/> Why? Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Uninitialized Memory Exposure<br/> npm:tunnel-agent:20170305 589/1000 <br/> Why? Has a fix available, CVSS 7.5 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:tough-cookie:20170905 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Remote Memory Exposure<br/> npm:request:20160119 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Prototype Pollution<br/> npm:hoek:20180212 589/1000 <br/> Why? Has a fix available, CVSS 7.5 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>request</b></summary> <ul> <li> <b>2.88.2</b> - 2020-02-11 </li> <li> <b>2.88.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.88.0">2018-08-10</a></br><p>2.88.0</p> </li> <li> <b>2.87.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.87.0">2018-05-21</a></br><p>2.87.0</p> </li> <li> <b>2.86.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.86.0">2018-05-15</a></br><p>2.86.0</p> </li> <li> <b>2.85.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.85.0">2018-03-12</a></br><p>2.85.0</p> </li> <li> <b>2.84.0</b> - <a href="https://snyk.io/redirect/github/request/request/releases/tag/v2.84.0">2018-03-12</a></br><p>2.84.0</p> </li> <li> <b>2.83.0</b> - 2017-09-27 </li> <li> <b>2.82.0</b> - 2017-09-19 </li> <li> <b>2.81.0</b> - 2017-03-09 </li> <li> <b>2.80.0</b> - 2017-03-04 </li> <li> <b>2.79.0</b> - 2016-11-18 </li> <li> <b>2.78.0</b> - 2016-11-03 </li> <li> <b>2.77.0</b> - 2016-11-03 </li> <li> <b>2.76.0</b> - 2016-10-25 </li> <li> <b>2.75.0</b> - 2016-09-17 </li> <li> <b>2.74.0</b> - 2016-07-22 </li> <li> <b>2.73.0</b> - 2016-07-09 </li> <li> <b>2.72.0</b> - 2016-04-17 </li> <li> <b>2.71.0</b> - 2016-04-12 </li> <li> <b>2.70.0</b> - 2016-04-05 </li> <li> <b>2.69.0</b> - 2016-01-27 </li> <li> <b>2.68.0</b> - 2016-01-27 </li> <li> <b>2.67.0</b> - 2015-11-19 </li> </ul> from <a href="https://snyk.io/redirect/github/request/request/releases">request GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiYjI1MWQ3NC00MTkyLTQxYjItOWIyZC0yZGFjNTJiZjUzY2EiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImJiMjUxZDc0LTQxOTItNDFiMi05YjJkLTJkYWM1MmJmNTNjYSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"bb251d74-4192-41b2-9b2d-2dac52bf53ca","prPublicId":"bb251d74-4192-41b2-9b2d-2dac52bf53ca","dependencies":[{"name":"request","from":"2.67.0","to":"2.88.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/6e2c9898-4713-4d17-a2c8-4b2157989b45?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"6e2c9898-4713-4d17-a2c8-4b2157989b45","env":"prod","prType":"upgrade","vulns":["npm:tough-cookie:20160722","npm:qs:20170213","SNYK-JS-BL-608877","SNYK-JS-ANSIREGEX-1583908","npm:tunnel-agent:20170305","npm:tough-cookie:20170905","npm:request:20160119","npm:hoek:20180212"],"issuesToFix":[{"issueId":"npm:tough-cookie:20160722","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":589,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"npm:qs:20170213","severity":"high","title":"Prototype Override Protection Bypass","exploitMaturity":"no-known-exploit","priorityScore":589,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-BL-608877","severity":"high","title":"Remote Memory Exposure","exploitMaturity":"proof-of-concept","priorityScore":706,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385}]},{"issueId":"SNYK-JS-ANSIREGEX-1583908","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":554,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"npm:tunnel-agent:20170305","severity":"medium","title":"Uninitialized Memory Exposure","exploitMaturity":"proof-of-concept","priorityScore":576,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.1","score":255}]},{"issueId":"npm:tough-cookie:20170905","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":509,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295}]},{"issueId":"npm:request:20160119","severity":"medium","title":"Remote Memory Exposure","exploitMaturity":"no-known-exploit","priorityScore":469,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.1","score":255}]},{"issueId":"npm:hoek:20180212","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":636,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315}]}],"upgrade":["npm:tough-cookie:20160722","npm:qs:20170213","SNYK-JS-BL-608877","SNYK-JS-ANSIREGEX-1583908","npm:tunnel-agent:20170305","npm:tough-cookie:20170905","npm:request:20160119","npm:hoek:20180212"],"upgradeInfo":{"versionsDiff":22,"publishedDate":"2020-02-11T16:35:36.122Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[589,589,706,554,576,509,469,636]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/postcss

[Snyk] Upgrade source-map from 0.5.7 to 0.7.3

<h3>Snyk has created this PR to upgrade source-map from 0.5.7 to 0.7.3.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2018-05-16.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>source-map</b></summary> <ul> <li> <b>0.7.3</b> - <a href="https://snyk.io/redirect/github/mozilla/source-map/releases/tag/0.7.3">2018-05-16</a></br><p>Bump to version 0.7.3</p> </li> <li> <b>0.7.2</b> - <a href="https://snyk.io/redirect/github/mozilla/source-map/releases/tag/0.7.2">2018-02-26</a></br><p>Bump to 0.7.2</p> </li> <li> <b>0.7.1</b> - <a href="https://snyk.io/redirect/github/mozilla/source-map/releases/tag/0.7.1">2018-02-14</a></br><p>Bump to version 0.7.1</p> </li> <li> <b>0.7.0</b> - <a href="https://snyk.io/redirect/github/mozilla/source-map/releases/tag/0.7.0">2018-01-19</a></br><p>Get ready for new release on npm</p> </li> <li> <b>0.6.1</b> - <a href="https://snyk.io/redirect/github/mozilla/source-map/releases/tag/0.6.1">2017-09-29</a></br><p>Release version 0.6.1</p> </li> <li> <b>0.6.0</b> - <a href="https://snyk.io/redirect/github/mozilla/source-map/releases/tag/0.6.0">2017-09-27</a></br><p>Release version 0.6.0</p> </li> <li> <b>0.5.7</b> - <a href="https://snyk.io/redirect/github/mozilla/source-map/releases/tag/0.5.7">2017-08-21</a></br><p>Bump to 0.5.7</p> </li> </ul> from <a href="https://snyk.io/redirect/github/mozilla/source-map/releases">source-map GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>source-map</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/b2171d58e90e64472b0e858013c0cc5f6772a83d">b2171d5</a> Bump to version 0.7.3</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/86d2f30fd4ca87be1007e570d7ae62912439acce">86d2f30</a> Merge pull request #336 from hildjj/classes</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/14de5f87670e6a8c363c386cf0e7807e9ec2529a">14de5f8</a> Address comments in code review</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/1ea5ee3e268305af510ee49940d0488d9115e41e">1ea5ee3</a> First stab at classes. source-map-consumer is a mess in order to keep the API the same. That file needs careful review. Everything else is pretty straightforward. Fixes #334. Fixes #259.</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/adfd0fbf77a55166070b314492046772291622d0">adfd0fb</a> Merge pull request #335 from hildjj/coverage</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/39db032db722366f8e28fdc87ebe43505d591929">39db032</a> Add code coverage instructions to CONTRIBUTING.md</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/3f2b1047d19fad6d9216bf72243dc6f7d3a91371">3f2b104</a> Add support for coverage metrics with nyc and coveralls. Coveralls integration will need to be turned on.</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/df6608df139f4bddd7c158a384b2587742580b0d">df6608d</a> Merge pull request #332 from hildjj/lint</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/73f5d1af5839a09a72c66df5f33cc100120fe0dc">73f5d1a</a> Switch to let/const from var</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/bf025a817382803e48f5ef6d287870eb9ef31fb0">bf025a8</a> Apply the Firefox eslint rules, minus the Firefox-specific plugins.</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/8214089ff786e0c70e111910e57c9ce662202abe">8214089</a> Merge pull request #330 from ds300/fix/callback-stack</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/b87dfc8185f1aba721a797cee3585cc3a05a2c25">b87dfc8</a> update dist</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/121d6271c4105133a3f8044f057c735613705698">121d627</a> keep callbacks on stack to allow nested consumer usage</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/b93aadb81107188ee02bf5a11304b32ab0cb330a">b93aadb</a> add failing test for nested consumer usage</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/c1e2ec810be2f6b2a9af3293c2ec619fc5c0b05f">c1e2ec8</a> Merge pull request #329 from wizawu/master</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/966184fb383e664772b934ffcb438e5e3701bdda">966184f</a> Typo</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/43b2687e6e2f3cf6c22926aa473d5031fb7df89d">43b2687</a> Bump to 0.7.2</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/3720ffaec39ada8949dd0ad53002df8d82a4e957">3720ffa</a> Merge pull request #325 from fitzgen/update-mappings-wasm</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/4ade41fd99eaea69f3f3bef7e7857a29da02a9d4">4ade41f</a> Update lib/mappings.wasm to fitzgen/source-map-mappings 0.5.0</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/e0bea42d021b1d0c51540bc86e089964d95368fe">e0bea42</a> Bust the cache for the benchmark's wasm blob, since Chrome is very aggressive with its caching</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/3181bacfb8d449ecdb7d3da8ffcd59e29bfe98d7">3181bac</a> Merge pull request #323 from fitzgen/bump-to-0.7.1</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/12a5a1a40ceddd5f0d3f5b3d7848b826012d9f1e">12a5a1a</a> Bump to version 0.7.1</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/c73baa52dedcbb77af97d90390d9def4d594c75f">c73baa5</a> Merge pull request #321 from jvilk/typings-fix</li> <li><a href="https://snyk.io/redirect/github/mozilla/source-map/commit/7cc0c9dad9c358e956258389436bdd95c50354af">7cc0c9d</a> Update source-map TypeScript typings to 0.7.0.</li> </ul>

<a href="https://snyk.io/redirect/github/mozilla/source-map/compare/326dd955a366569759d9537ef5f0f167c89d92d2...b2171d58e90e64472b0e858013c0cc5f6772a83d">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2YTJjNTBkZC04NWZiLTRhNjItOWNiMS05NTI2MDA2YWQxZmQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjZhMmM1MGRkLTg1ZmItNGE2Mi05Y2IxLTk1MjYwMDZhZDFmZCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"6a2c50dd-85fb-4a62-9cb1-9526006ad1fd","prPublicId":"6a2c50dd-85fb-4a62-9cb1-9526006ad1fd","dependencies":[{"name":"source-map","from":"0.5.7","to":"0.7.3"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/00a80c5a-646e-40de-96fa-6171ca2cd8b1?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"00a80c5a-646e-40de-96fa-6171ca2cd8b1","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":6,"publishedDate":"2018-05-16T17:29:49.200Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/Herramientas-Frontend-2015

[Snyk] Upgrade bluebird from 3.0.6 to 3.7.2

<h3>Snyk has created this PR to upgrade bluebird from 3.0.6 to 3.7.2.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 33 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2019-11-28.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>bluebird</b></summary> <ul> <li> <b>3.7.2</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.7.2">2019-11-28</a></br><p>Bugfixes:</p> <ul> <li>Fixes firefox settimeout not initialized error (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1623" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1623/hovercard">#1623</a>)</li> </ul> </li> <li> <b>3.7.1</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.7.1">2019-10-15</a></br><p>Features:</p> <ul> <li>feature</li> </ul> <p>Bugfixes:</p> <ul> <li>Fix (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1614" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1614/hovercard">#1614</a>)</li> <li>Fix (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1613" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1613/hovercard">#1613</a>)</li> <li>Fix (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1616" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1616/hovercard">#1616</a>)</li> </ul> </li> <li> <b>3.7.0</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.7.0">2019-10-01</a></br><p>Features:</p> <ul> <li>Add <a href="http://bluebirdjs.com/docs/api/promise.allsettled.html" rel="nofollow"><code>Promise.allSettled</code></a>method (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1606" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1606/hovercard">#1606</a>)</li> </ul> </li> <li> <b>3.6.0</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.6.0">2019-10-01</a></br><p>Features:</p> <ul> <li>Add support for AsyncResource (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1403" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1403/hovercard">#1403</a>)</li> </ul> <p>Bugfixes:</p> <ul> <li>Fix <a href="http://bluebirdjs.com/docs/api/reduce.html" rel="nofollow"><code>.reduce</code></a> generating unhandled rejection events (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1501" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1501/hovercard">#1501</a>)</li> <li>Fix <a href="http://bluebirdjs.com/docs/api/promise.reduce.html" rel="nofollow"><code>Promise.reduce</code></a> generating unhandled rejction events (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1502" data-hovercard-type="pull_request" data-hovercard-url="/petkaantonov/bluebird/pull/1502/hovercard">#1502</a>)</li> <li>Fix <a href="http://bluebirdjs.com/docs/api/map.html" rel="nofollow"><code>.map</code></a> and <a href="http://bluebirdjs.com/docs/api/filter.html" rel="nofollow"><code>.filter</code></a> generating unhandled rejection events (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1487" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1487/hovercard">#1487</a>)</li> <li>Fix <a href="http://bluebirdjs.com/docs/api/promise.map.html" rel="nofollow"><code>Promise.map</code></a>unhandled rejection events (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1489" data-hovercard-type="pull_request" data-hovercard-url="/petkaantonov/bluebird/pull/1489/hovercard">#1489</a>)</li> <li>Fix cancel skipping upward propagation (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1459" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1459/hovercard">#1459</a>)</li> <li>Fix loadTimes deprecation (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1505" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1505/hovercard">#1505</a>)</li> <li>Fix <a href="http://bluebirdjs.com/docs/api/promise.each.html" rel="nofollow"><code>Promise.each</code></a> maximum stack exceeded error (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1326" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1326/hovercard">#1326</a>)</li> <li>Make PromiseRejectionEvent confrom to spec (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1509" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1509/hovercard">#1509</a>)</li> <li>Fix false unhandled rejection events (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1468" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1468/hovercard">#1468</a>)</li> </ul> </li> <li> <b>3.5.5</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.5.5">2019-05-24</a></br><p>Features:</p> <ul> <li>Added Symbol.toStringTag support to Promise (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1421" data-hovercard-type="pull_request" data-hovercard-url="/petkaantonov/bluebird/pull/1421/hovercard">#1421</a>)</li> </ul> <p>Bugfixes:</p> <ul> <li>Fix error in IE9 (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1591" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1591/hovercard">#1591</a>, <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1592" data-hovercard-type="pull_request" data-hovercard-url="/petkaantonov/bluebird/pull/1592/hovercard">#1592</a>)</li> <li>Fix error with undefined stack trace (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1537" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1537/hovercard">#1537</a>)</li> <li>Fix <a href="http://bluebirdjs.com/docs/api/catch.html" rel="nofollow">#catch</a> throwing an error later rather than immediately when passed non-function handler (<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/issues/1517" data-hovercard-type="issue" data-hovercard-url="/petkaantonov/bluebird/issues/1517/hovercard">#1517</a>)</li> </ul> </li> <li> <b>3.5.4</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.5.4">2019-04-03</a></br><ul> <li>Proper version check supporting VSCode(<a href="/petkaantonov/bluebird/blob/v3.5.4">#1576</a>)</li> </ul> </li> <li> <b>3.5.3</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.5.3">2018-11-06</a></br><p>Bugfixes:</p> <ul> <li>Update acorn dependency</li> </ul> </li> <li> <b>3.5.2</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.5.2">2018-09-03</a></br><p>Bugfixes:</p> <ul> <li>Fix <code>PromiseRejectionEvent</code> to contain <code>.reason</code> and <code>.promise</code> properties. (<a href="/petkaantonov/bluebird/blob/v3.5.2">#1509</a>, <a href="/petkaantonov/bluebird/blob/v3.5.2">#1464</a>)</li> <li>Fix promise chain retaining memory until the entire chain is resolved (<a href="/petkaantonov/bluebird/blob/v3.5.2">#1544</a>, <a href="/petkaantonov/bluebird/blob/v3.5.2">#1529</a>)</li> </ul> <hr> <h2>id: changelog<br> title: Changelog</h2> </li> <li> <b>3.5.1</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.5.1">2017-10-04</a></br><p>Bugfixes:</p> <ul> <li>Fix false positive unhandled rejection when using async await (<a href="/petkaantonov/bluebird/blob/v3.5.1">#1404</a>)</li> <li>Fix false positive when reporting error as non-error (<a href="/petkaantonov/bluebird/blob/v3.5.1">#990</a>)</li> </ul> </li> <li> <b>3.5.0</b> - <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases/tag/v3.5.0">2017-03-03</a></br><p>Features:</p> <ul> <li>Added new method: <a href="/petkaantonov/bluebird/blob/v3.5.0">.tapCatch</a> (<a href="/petkaantonov/bluebird/blob/v3.5.0">#1220</a>)</li> </ul> <p>Bugfixes:</p> <ul> <li>Fixed streamline benchmarks (<a href="/petkaantonov/bluebird/blob/v3.5.0">#1233</a>)</li> <li>Fixed yielding a function calling the function (<a href="/petkaantonov/bluebird/blob/v3.5.0">#1314</a>, <a href="/petkaantonov/bluebird/blob/v3.5.0">#1315</a>)</li> <li>Fixed confusing error message when calling <a href="/petkaantonov/bluebird/blob/v3.5.0">.catch</a> with non function predicate (<a href="/petkaantonov/bluebird/blob/v3.5.0">#1350</a>)</li> <li>Fixed <a href="/petkaantonov/bluebird/blob/v3.5.0">.props</a> resolving to empty object when called with empty <code>Map</code> (<a href="/petkaantonov/bluebird/blob/v3.5.0">#1338</a>)</li> <li>Fixed confusing error message when invoking <code>Promise</code> directly without <code>new</code> (<a href="/petkaantonov/bluebird/blob/v3.5.0">#1320</a>)</li> <li>Added dedicated webpack entry point (<a href="/petkaantonov/bluebird/blob/v3.5.0">#1318</a>)</li> </ul> </li> <li> <b>3.4.7</b> - 2016-12-22 </li> <li> <b>3.4.6</b> - 2016-09-01 </li> <li> <b>3.4.5</b> - 2016-08-31 </li> <li> <b>3.4.4</b> - 2016-08-30 </li> <li> <b>3.4.3</b> - 2016-08-25 </li> <li> <b>3.4.2</b> - 2016-08-24 </li> <li> <b>3.4.1</b> - 2016-06-17 </li> <li> <b>3.4.0</b> - 2016-05-17 </li> <li> <b>3.3.5</b> - 2016-04-12 </li> <li> <b>3.3.4</b> - 2016-03-07 </li> <li> <b>3.3.3</b> - 2016-02-25 </li> <li> <b>3.3.2</b> - 2016-02-25 </li> <li> <b>3.3.1</b> - 2016-02-13 </li> <li> <b>3.3.0</b> - 2016-02-12 </li> <li> <b>3.2.2</b> - 2016-02-05 </li> <li> <b>3.2.1</b> - 2016-02-01 </li> <li> <b>3.2.0</b> - 2016-02-01 </li> <li> <b>3.1.5</b> - 2016-01-26 </li> <li> <b>3.1.4</b> - 2016-01-25 </li> <li> <b>3.1.3</b> - 2016-01-25 </li> <li> <b>3.1.2</b> - 2016-01-23 </li> <li> <b>3.1.1</b> - 2015-12-16 </li> <li> <b>3.1.0</b> - 2015-12-16 </li> <li> <b>3.0.6</b> - 2015-12-01 </li> </ul> from <a href="https://snyk.io/redirect/github/petkaantonov/bluebird/releases">bluebird GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>bluebird</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/750bd7f87fefaa0f918a6f0a25caec32ffdaddd8">750bd7f</a> Release v3.7.2</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/f88044507cb5ad8a3a27b219c7ea4e5a2d1e7207">f880445</a> Fixes #1627 #1623</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/bd20f79762813e482f55ad67f23778df7418c948">bd20f79</a> Release v3.7.1</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/2378ee6c0237c82c998b0f0706d7c96bc2c9d530">2378ee6</a> try fix tests</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/a00a66419734794702dd1acc9c6722f76ae3cd44">a00a664</a> Release v3.7.0</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/4df279b5620155630c6b2f35d4653f509e5dc272">4df279b</a> Fixes #1606</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/0a8523623b2c97f4082e9611af2489b2e8140c42">0a85236</a> Release v3.6.0</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/96f266e9cb4fc378ec358567575ac431640fdbc2">96f266e</a> Merge pull request #1604 from renewooller/master</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/933b5da2c8c8cd6618491bacd2f566d4b2db0f38">933b5da</a> Merge pull request #1610 from Piccirello/patch-1</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/8e3eedc2ceb0359eb765c817746860224f14bc82">8e3eedc</a> Add async/await example</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/6796d23612a6c81c272dff915eeca40f0c011859">6796d23</a> Update schedule.js</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/b0ed2e4c38fd5648c2042ab0be41250418fe4b92">b0ed2e4</a> docs: qualified that map must only take finite iterables</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/b9037b3dcd9a2a75893fbe8a0fdafd2e2b2da57d">b9037b3</a> Update README.md</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/60ef7a0e23fd320a11281f67c64a39ff95612ce9">60ef7a0</a> Fixes #1468, stabilize unhandled rejection tests</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/8991667fad58c6f58191a82b3d025adcb8e09e52">8991667</a> Fixes #1509</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/8f39dbc699a3a20f9be47823e9012854cb144b12">8f39dbc</a> Fixes #1326</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/12154adb5016609901550aad5250045670644dd4">12154ad</a> Fix #1505</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/420cf4eeb247a6dd21fd4105aba6f000205a893a">420cf4e</a> Fix #1459</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/a518f187ceb1b0096265b06b3a05374e6f26eb94">a518f18</a> Fix #1487 #1489</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/c9618f03346d9d716300a38188b6c37667492ae7">c9618f0</a> Fix #1501 #1502</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/c54bac12002122b33ae17897bd68d1dd5b6d68b1">c54bac1</a> update doc</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/812017724a7b9607e37de1c074c9bb8659711e9d">8120177</a> document async hooks</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/8d9afb761cadbc653ecd46fea1708a65ccda8757">8d9afb7</a> config update</li> <li><a href="https://snyk.io/redirect/github/petkaantonov/bluebird/commit/79b9115a8691b804ce8ee38e7dab01842331aa70">79b9115</a> webpack config</li> </ul>

<a href="https://snyk.io/redirect/github/petkaantonov/bluebird/compare/37393eae4b6c8a48d16b357768e624ce2b347cac...750bd7f87fefaa0f918a6f0a25caec32ffdaddd8">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI3OGM4Zjg3Ny0wNDU0LTQwZmMtOGEwMi1hMjFiN2U3MGE1ZTYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6Ijc4YzhmODc3LTA0NTQtNDBmYy04YTAyLWEyMWI3ZTcwYTVlNiJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"78c8f877-0454-40fc-8a02-a21b7e70a5e6","prPublicId":"78c8f877-0454-40fc-8a02-a21b7e70a5e6","dependencies":[{"name":"bluebird","from":"3.0.6","to":"3.7.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/6e2c9898-4713-4d17-a2c8-4b2157989b45?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"6e2c9898-4713-4d17-a2c8-4b2157989b45","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":33,"publishedDate":"2019-11-28T22:55:40.312Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 23 minutes

PR opened javifelices/postcss

[Snyk] Upgrade babel-core from 5.8.25 to 5.8.38

<h3>Snyk has created this PR to upgrade babel-core from 5.8.25 to 5.8.38.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 5 years ago, on 2016-03-22.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxMWQzNzdiMC1hMTFmLTQwMGQtOGQxMS1iNDhlYjg4ZGYzZTAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjExZDM3N2IwLWExMWYtNDAwZC04ZDExLWI0OGViODhkZjNlMCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"11d377b0-a11f-400d-8d11-b48eb88df3e0","prPublicId":"11d377b0-a11f-400d-8d11-b48eb88df3e0","dependencies":[{"name":"babel-core","from":"5.8.25","to":"5.8.38"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/00a80c5a-646e-40de-96fa-6171ca2cd8b1?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"00a80c5a-646e-40de-96fa-6171ca2cd8b1","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":8,"publishedDate":"2016-03-22T22:50:05.900Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 24 minutes

PR opened javifelices/jorgeatgu.github.io

[Snyk] Upgrade mustache from 0.7.3 to 0.8.2

<h3>Snyk has created this PR to upgrade mustache from 0.7.3 to 0.8.2.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 7 years ago, on 2014-06-13.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>mustache</b></summary> <ul> <li> <b>0.8.2</b> - <a href="https://snyk.io/redirect/github/janl/mustache.js/releases/tag/0.8.2">2014-06-13</a></br><p>The goal is to reduce the number of files downloaded by ignoring the test directory</p> </li> <li> <b>0.8.1</b> - <a href="https://snyk.io/redirect/github/janl/mustache.js/releases/tag/0.8.1">2014-01-03</a></br><p>Version 0.8.1</p> </li> <li> <b>0.8.0</b> - <a href="https://snyk.io/redirect/github/janl/mustache.js/releases/tag/0.8.0">2013-12-02</a></br><p>Version 0.8.0</p> </li> <li> <b>0.7.3</b> - <a href="https://snyk.io/redirect/github/janl/mustache.js/releases/tag/0.7.3">2013-11-05</a></br><p>Version 0.7.3</p> </li> </ul> from <a href="https://snyk.io/redirect/github/janl/mustache.js/releases">mustache GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkMmI2YWI5YS01OTNlLTQzNmMtOGJmOC0xOGEzMmE0ZmUxZjMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImQyYjZhYjlhLTU5M2UtNDM2Yy04YmY4LTE4YTMyYTRmZTFmMyJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"d2b6ab9a-593e-436c-8bf8-18a32a4fe1f3","prPublicId":"d2b6ab9a-593e-436c-8bf8-18a32a4fe1f3","dependencies":[{"name":"mustache","from":"0.7.3","to":"0.8.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/fad5f29f-fa0a-4a7b-a49d-0406e707e203?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"fad5f29f-fa0a-4a7b-a49d-0406e707e203","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":3,"publishedDate":"2014-06-13T14:49:39.219Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 24 minutes

PR opened javifelices/jorgeatgu.github.io

[Snyk] Upgrade underscore from 1.5.2 to 1.13.1

<h3>Snyk has created this PR to upgrade underscore from 1.5.2 to 1.13.1.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2021-04-15.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Arbitrary Code Injection<br/> SNYK-JS-UNDERSCORE-1080984 596/1000 <br/> Why? Proof of Concept exploit, Has a fix available, CVSS 5.5 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>underscore</b></summary> <ul> <li> <b>1.13.1</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.1">2021-04-15</a></br><p>Restores the underscore.js UMD alias to git</p> </li> <li> <b>1.13.0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0">2021-04-09</a></br><p>Node.js native ESM support in main release stream, docs updates</p> </li> <li> <b>1.13.0-3</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-3">2021-03-31</a></br><p>Preview release that adds the "module" exports condition</p> </li> <li> <b>1.13.0-2</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-2">2021-03-15</a></br><p>Preview of 1.13.0 with security fix from 1.12.1</p> </li> <li> <b>1.13.0-1</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-1">2021-03-11</a></br><p>Bugfix for the new Node.js 12+ native ESM entry point</p> </li> <li> <b>1.13.0-0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.13.0-0">2021-03-10</a></br><p>Node.js native ESM support (prerelease), _.debounce optimization</p> </li> <li> <b>1.12.1</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.12.1">2021-03-15</a></br><p>Security fix in _.template and restored optimization in .debounce.</p> </li> <li> <b>1.12.0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.12.0">2020-11-24</a></br><p>.get, _.toPath, bugfixes, compatibility, performance and testing.</p> </li> <li> <b>1.11.0</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.11.0">2020-08-28</a></br><p>Prepare 1.11.0</p> </li> <li> <b>1.10.2</b> - <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases/tag/1.10.2">2020-03-30</a></br><p>Underscore.js 1.10.2</p> </li> <li> <b>1.10.1</b> - 2020-03-30 </li> <li> <b>1.10.0</b> - 2020-03-30 </li> <li> <b>1.9.2</b> - 2020-01-06 </li> <li> <b>1.9.1</b> - 2018-05-31 </li> <li> <b>1.9.0</b> - 2018-04-18 </li> <li> <b>1.8.3</b> - 2015-04-02 </li> <li> <b>1.8.2</b> - 2015-02-22 </li> <li> <b>1.8.1</b> - 2015-02-20 </li> <li> <b>1.8.0</b> - 2015-02-20 </li> <li> <b>1.7.0</b> - 2014-08-26 </li> <li> <b>1.6.0</b> - 2014-02-10 </li> <li> <b>1.5.2</b> - 2013-09-07 </li> </ul> from <a href="https://snyk.io/redirect/github/jashkenas/underscore/releases">underscore GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2MTI0ZDVlNi1kOGJhLTRmMmYtYjkwYi1mN2M5Nzg4MmRiNzAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjYxMjRkNWU2LWQ4YmEtNGYyZi1iOTBiLWY3Yzk3ODgyZGI3MCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"6124d5e6-d8ba-4f2f-b90b-f7c97882db70","prPublicId":"6124d5e6-d8ba-4f2f-b90b-f7c97882db70","dependencies":[{"name":"underscore","from":"1.5.2","to":"1.13.1"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/fad5f29f-fa0a-4a7b-a49d-0406e707e203?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"fad5f29f-fa0a-4a7b-a49d-0406e707e203","env":"prod","prType":"upgrade","vulns":["SNYK-JS-UNDERSCORE-1080984"],"issuesToFix":[{"issueId":"SNYK-JS-UNDERSCORE-1080984","severity":"medium","title":"Arbitrary Code Injection","exploitMaturity":"proof-of-concept","priorityScore":596,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275}]}],"upgrade":["SNYK-JS-UNDERSCORE-1080984"],"upgradeInfo":{"versionsDiff":21,"publishedDate":"2021-04-15T13:17:20.461Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[596]}) --->

+1 -1

0 comment

1 changed file

pr created time in 24 minutes

PR opened moghwan/moghwan.me

[Snyk] Upgrade core-js from 3.8.3 to 3.16.4

<h3>Snyk has created this PR to upgrade core-js from 3.8.3 to 3.16.4.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 22 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2021-08-29.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>core-js</b></summary> <ul> <li> <b>3.16.4</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.4">2021-08-29</a></br><ul> <li><code>AsyncFromSyncIterator</code> made stricter, related mainly to <code>AsyncIterator.from</code> and <code>AsyncIterator.prototype.flatMap</code></li> <li>Handling of optional <code>.next</code> arguments in <code>(Async)Iterator</code> methods is aligned with the current spec draft (mainly - ignoring the first passed to <code>.next</code> argument in built-in generators)</li> <li>Behavior of <code>.next</code>, <code>.return</code>, <code>.throw</code> methods on <code>AsyncIterator</code> helpers proxy iterators aligned with the current spec draft (built-in async generators) (mainly - some early errors moved to returned promises)</li> <li>Fixed some cases of safe iteration closing</li> <li>Fixed dependencies of some entry points</li> </ul> </li> <li> <b>3.16.3</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.3">2021-08-24</a></br><ul> <li>Fixed <code>CreateAsyncFromSyncIterator</code> semantic in <code>AsyncIterator.from</code>, related to <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/765" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/765/hovercard">#765</a></li> <li>Added a workaround of a specific case of broken <code>Object.prototype</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/973" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/973/hovercard">#973</a></li> </ul> </li> <li> <b>3.16.2</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.2">2021-08-17</a></br><ul> <li>Added a workaround of a Closure Compiler unsafe optimization, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/972" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/972/hovercard">#972</a></li> <li>One more fix crashing of <code>Object.create(null)</code> on WSH, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/970" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/970/hovercard">#970</a></li> <li>Added Deno 1.14 compat data mapping</li> </ul> </li> <li> <b>3.16.1</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.1">2021-08-08</a></br><ul> <li>Fixed microtask implementation on iOS Pebble, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/967" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/967/hovercard">#967</a></li> <li>Fixed some entry points</li> <li>Improved old Safari compat data</li> </ul> </li> <li> <b>3.16.0</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.16.0">2021-07-30</a></br><ul> <li><a href="https://snyk.io/redirect/github/tc39/proposal-array-find-from-last"><code>Array</code> find from last proposal</a> moved to the stage 3, <a href="https://snyk.io/redirect/github/tc39/proposal-array-find-from-last/pull/47" data-hovercard-type="pull_request" data-hovercard-url="/tc39/proposal-array-find-from-last/pull/47/hovercard">July 2021 TC39 meeting</a></li> <li><a href="https://snyk.io/redirect/github/tc39/proposal-array-filtering"><code>Array</code> filtering stage 1 proposal</a>: <ul> <li><code>Array.prototype.filterReject</code> replaces <code>Array.prototype.filterOut</code></li> <li><code>%TypedArray%.prototype.filterReject</code> replaces <code>%TypedArray%.prototype.filterOut</code></li> </ul> </li> <li>Added <a href="https://snyk.io/redirect/github/tc39/proposal-array-grouping"><code>Array</code> grouping stage 1 proposal</a>: <ul> <li><code>Array.prototype.groupBy</code></li> <li><code>%TypedArray%.prototype.groupBy</code></li> </ul> </li> <li>Work with symbols made stricter: some missed before cases of methods that should throw an error on symbols now works as they should</li> <li>Handling <code>@@ toPrimitive</code> in some cases of <code>ToPrimitive</code> internal logic made stricter</li> <li>Fixed work of <code>Request</code> with polyfilled <code>URLSearchParams</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/965" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/965/hovercard">#965</a></li> <li>Fixed possible exposing of collections elements metadata in some cases, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/427" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/427/hovercard">#427</a></li> <li>Fixed crashing of <code>Object.create(null)</code> on WSH, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/966" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/966/hovercard">#966</a></li> <li>Fixed some cases of typed arrays subclassing logic</li> <li>Fixed a minor bug related to string conversion in <code>RegExp#exec</code></li> <li>Fixed <code>Date.prototype.getYear</code> feature detection</li> <li>Fixed content of some entry points</li> <li>Some minor optimizations and refactoring</li> <li>Deno: <ul> <li>Added Deno support (sure, after bundling since Deno does not support CommonJS)</li> <li>Allowed <code>deno</code> target in <code>core-js-compat</code> / <code>core-js-builder</code></li> <li>A bundle for Deno published on <a href="https://deno.land/x/corejs" rel="nofollow">deno.land/x/corejs</a></li> </ul> </li> <li>Added / updated compat data / mapping: <ul> <li>Deno 1.0-1.13</li> <li>NodeJS up to 16.6</li> <li>iOS Safari up to 15.0</li> <li>Samsung Internet up to 15.0</li> <li>Opera Android up to 64</li> <li><code>Object.hasOwn</code> marked as supported from <a href="https://chromestatus.com/feature/5662263404920832" rel="nofollow">V8 9.3</a> and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1721149" rel="nofollow">FF92</a></li> <li><code>Date.prototype.getYear</code> marked as not supported in IE8-</li> </ul> </li> <li>Added <code>summary</code> option to <code>core-js-builder</code>, see more info in the <a href="https://snyk.io/redirect/github/zloirock/core-js/blob/master/packages/core-js-builder/README.md"><code>README</code></a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/910" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/910/hovercard">#910</a></li> </ul> </li> <li> <b>3.15.2</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.15.2">2021-06-29</a></br><ul> <li>Worked around breakage related to <code>zone.js</code> loaded before <code>core-js</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/953" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/953/hovercard">#953</a></li> <li>Added NodeJS 16.4 -> Chrome 91 compat data mapping</li> </ul> </li> <li> <b>3.15.1</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.15.1">2021-06-22</a></br><ul> <li>Fixed cloning of regex through <code>RegExp</code> constructor, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/948" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/948/hovercard">#948</a></li> </ul> </li> <li> <b>3.15.0</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.15.0">2021-06-20</a></br><ul> <li>Added <code>RegExp</code> named capture groups polyfill, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/521" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/521/hovercard">#521</a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/944" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/944/hovercard">#944</a></li> <li>Added <code>RegExp</code> <code>dotAll</code> flag polyfill, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/792" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/792/hovercard">#792</a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/944" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/944/hovercard">#944</a></li> <li>Added missed polyfills of <a href="https://tc39.es/ecma262/#sec-additional-built-in-properties" rel="nofollow">Annex B</a> features (required mainly for some non-browser engines), <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/336" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/336/hovercard">#336</a>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/945" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/945/hovercard">#945</a>: <ul> <li><code>escape</code></li> <li><code>unescape</code></li> <li><code>String.prototype.substr</code></li> <li><code>Date.prototype.getYear</code></li> <li><code>Date.prototype.setYear</code></li> <li><code>Date.prototype.toGMTString</code></li> </ul> </li> <li>Fixed detection of forbidden host code points in <code>URL</code> polyfill</li> <li>Allowed <code>rhino</code> target in <code>core-js-compat</code> / <code>core-js-builder</code>, added compat data for <code>rhino</code> 1.7.13, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/942" data-hovercard-type="pull_request" data-hovercard-url="/zloirock/core-js/pull/942/hovercard">#942</a>, thanks <a href="https://snyk.io/redirect/github/gausie">@ gausie</a></li> <li><code>.at</code> marked as supported from FF90</li> </ul> </li> <li> <b>3.14.0</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.14.0">2021-06-05</a></br><ul> <li>Added polyfill of stable sort in <code>{ Array, %TypedArray% }.prototype.sort</code>, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/769" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/769/hovercard">#769</a></li> <li>Fixed <code>Safari</code> 14.0- <code>%TypedArray%.prototype.sort</code> validation of arguments bug</li> <li><code>.at</code> marked as supported from V8 9.2</li> </ul> </li> <li> <b>3.13.1</b> - <a href="https://snyk.io/redirect/github/zloirock/core-js/releases/tag/v3.13.1">2021-05-29</a></br><ul> <li>Overwrites <code>get-own-property-symbols</code> third-party <code>Symbol</code> polyfill if it's used since it causes a stack overflow, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/774" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/774/hovercard">#774</a></li> <li>Added a workaround of possible browser crash on <code>Object.prototype</code> accessors methods in WebKit ~ Android 4.0, <a href="https://snyk.io/redirect/github/zloirock/core-js/issues/232" data-hovercard-type="issue" data-hovercard-url="/zloirock/core-js/issues/232/hovercard">#232</a></li> </ul> </li> <li> <b>3.13.0</b> - 2021-05-25 </li> <li> <b>3.12.1</b> - 2021-05-08 </li> <li> <b>3.12.0</b> - 2021-05-06 </li> <li> <b>3.11.3</b> - 2021-05-05 </li> <li> <b>3.11.2</b> - 2021-05-03 </li> <li> <b>3.11.1</b> - 2021-04-28 </li> <li> <b>3.11.0</b> - 2021-04-22 </li> <li> <b>3.10.2</b> - 2021-04-19 </li> <li> <b>3.10.1</b> - 2021-04-07 </li> <li> <b>3.10.0</b> - 2021-03-31 </li> <li> <b>3.9.1</b> - 2021-02-28 </li> <li> <b>3.9.0</b> - 2021-02-18 </li> <li> <b>3.8.3</b> - 2021-01-19 </li> </ul> from <a href="https://snyk.io/redirect/github/zloirock/core-js/releases">core-js GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>core-js</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/eaf15afc85003c336f71c113b886aaf6ecb2a807">eaf15af</a> 3.16.4</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/6b61dcf7fc8dcfb7f73127c1c459f4748e72b5fd">6b61dcf</a> fix some missed dependencies</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/21bb08df6a48297708e199e49c6b20ff6cd1d468">21bb08d</a> fix some cases of safe iteration closing</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/9b260b312b70296a8034afd79f5dea7c2857a9cd">9b260b3</a> move generators validation to promises</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/b7edd2a636c18c9776a17bd5902ce888ed8b8aa6">b7edd2a</a> fix `.return`</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/322be736008809329e8aa792f04e8314d7773996">322be73</a> behavior of `.next`, `.return`, `.throw` methods on `AsyncIterator` helpers proxy iterators aligned with the current spec draft (built-in async generators) (mainly - some early errors moved to returned promises)</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/8df6d0eae7c77827db59ee5a8fb4cc77bd58d68e">8df6d0e</a> align handling of optional `.next` arguments in `(Async)Iterator` methods with the current spec draft</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/0f1bc28cead0371692df45bfca471d9aea833db9">0f1bc28</a> refactor to use `getIteratorMethod` + `getIterator` in some cases</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/5bb48b3de33953f54659325a4938952b108ae319">5bb48b3</a> prevent double get of `@@(async)iterator` property</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/9773ec3b950ca679827c25c6c88e42bb770b23a3">9773ec3</a> remove unnecessary check</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/f801a19aa05fb4ca4318a287ae374e0c1ae2b8ac">f801a19</a> `AsyncFromSyncIterator` made stricter</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/80f739a185a1b3f08875e10a488e4dd406dec8e6">80f739a</a> update dependencies</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/91bf8a713c2b4921079f078f0142941a872b98e6">91bf8a7</a> update dependencies</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/85c7c7d60b1cc54cd2e935081da9887e60654582">85c7c7d</a> fix an entries content test</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/c3379753e65b4bec3adb10261c8042fbbbf9c5be">c337975</a> fix missed dependency</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/390238278109a4517e438c339a22bcbadd87362d">3902382</a> 3.16.3</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/0333511efc38122506527d6146e9b93f4f3b9cc1">0333511</a> fix `CreateAsyncFromSyncIterator` semantic in `AsyncIterator.from`, related to #765</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/4e72728fa1d8d23c97e6fe015078a4ba71617f04">4e72728</a> update dependencies</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/aef98d68b849d06b8e4616fa6fd9552081f17567">aef98d6</a> add `_babelPolyfill` to `core-js` detection script</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/a3f2dc01bc045c117da74779708e1acb0f0d38e5">a3f2dc0</a> use `@ babel/eslint-parser` at the top level of `eslint` config</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/f77b46768ec602809e4b04b62710560e7e0ff83b">f77b467</a> (just in case) make `isDataDescriptor` operation stricter</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/67ed50da51a96f65beea9354079ceb2b07a6f351">67ed50d</a> fix some entries of comma operator</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/4a56ece64adc9653a4c8a648955a5a95aba22fd8">4a56ece</a> some stylistic changes</li> <li><a href="https://snyk.io/redirect/github/zloirock/core-js/commit/687dde1fcce495f51e3922e39dfa78e4a6f27e15">687dde1</a> update dependencies</li> </ul>

<a href="https://snyk.io/redirect/github/zloirock/core-js/compare/a88734f1d7d8c1b5bb797e1b8ece2ec1961111c6...eaf15afc85003c336f71c113b886aaf6ecb2a807">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NDVlNDFiMi1mMjQ3LTQ1OTItOWI4My0yNzg1NTQ3YWExN2UiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY0NWU0MWIyLWYyNDctNDU5Mi05YjgzLTI3ODU1NDdhYTE3ZSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"645e41b2-f247-4592-9b83-2785547aa17e","prPublicId":"645e41b2-f247-4592-9b83-2785547aa17e","dependencies":[{"name":"core-js","from":"3.8.3","to":"3.16.4"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/moghwan/project/1fa8517f-6403-4f46-8ddb-75d033d75024?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"1fa8517f-6403-4f46-8ddb-75d033d75024","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":22,"publishedDate":"2021-08-29T14:55:50.691Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+4 -4

0 comment

2 changed files

pr created time in 26 minutes

PR opened javifelices/Herramientas-Frontend-2015

[Snyk] Upgrade it-charly-scrapper from 0.0.2 to 0.0.3

<h3>Snyk has created this PR to upgrade it-charly-scrapper from 0.0.2 to 0.0.3.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 6 years ago, on 2015-12-11.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI1ZTM5NmRlZi1iZDBlLTQ3ZTMtYThkNC0zMjIxOGVkNzZlNWMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjVlMzk2ZGVmLWJkMGUtNDdlMy1hOGQ0LTMyMjE4ZWQ3NmU1YyJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"5e396def-bd0e-47e3-a8d4-32218ed76e5c","prPublicId":"5e396def-bd0e-47e3-a8d4-32218ed76e5c","dependencies":[{"name":"it-charly-scrapper","from":"0.0.2","to":"0.0.3"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/82b04202-af44-426d-81aa-ca73bdc86399?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"82b04202-af44-426d-81aa-ca73bdc86399","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2015-12-11T17:19:41.539Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 31 minutes

PR opened javifelices/Herramientas-Frontend-2015

[Snyk] Upgrade express from 4.13.3 to 4.17.1

<h3>Snyk has created this PR to upgrade express from 4.13.3 to 4.17.1.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2019-05-26.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:negotiator:20160616 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:fresh:20170908 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png" width="20" height="20" title="low severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:ms:20170412 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png" width="20" height="20" title="low severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:mime:20170907 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png" width="20" height="20" title="low severity"/> Regular Expression Denial of Service (ReDoS)<br/> npm:debug:20170905 589/1000 <br/> Why? Has a fix available, CVSS 7.5 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>express</b></summary> <ul> <li> <b>4.17.1</b> - <a href="https://snyk.io/redirect/github/expressjs/express/releases/tag/4.17.1">2019-05-26</a></br><ul> <li>Revert "Improve error message for <code>null</code>/<code>undefined</code> to <code>res.status</code>"</li> </ul> </li> <li> <b>4.17.0</b> - <a href="https://snyk.io/redirect/github/expressjs/express/releases/tag/4.17.0">2019-05-17</a></br><ul> <li>Add <code>express.raw</code> to parse bodies into <code>Buffer</code></li> <li>Add <code>express.text</code> to parse bodies into string</li> <li>Improve error message for non-strings to <code>res.sendFile</code></li> <li>Improve error message for <code>null</code>/<code>undefined</code> to <code>res.status</code></li> <li>Support multiple hosts in <code>X-Forwarded-Host</code></li> <li>deps: accepts@~1.3.7</li> <li>deps: body-parser@1.19.0 <ul> <li>Add encoding MIK</li> <li>Add petabyte (<code>pb</code>) support</li> <li>Fix parsing array brackets after index</li> <li>deps: bytes@3.1.0</li> <li>deps: http-errors@1.7.2</li> <li>deps: iconv-lite@0.4.24</li> <li>deps: qs@6.7.0</li> <li>deps: raw-body@2.4.0</li> <li>deps: type-is@~1.6.17</li> </ul> </li> <li>deps: content-disposition@0.5.3</li> <li>deps: cookie@0.4.0 <ul> <li>Add <code>SameSite=None</code> support</li> </ul> </li> <li>deps: finalhandler@~1.1.2 <ul> <li>Set stricter <code>Content-Security-Policy</code> header</li> <li>deps: parseurl@~1.3.3</li> <li>deps: statuses@~1.5.0</li> </ul> </li> <li>deps: parseurl@~1.3.3</li> <li>deps: proxy-addr@~2.0.5 <ul> <li>deps: ipaddr.js@1.9.0</li> </ul> </li> <li>deps: qs@6.7.0 <ul> <li>Fix parsing array brackets after index</li> </ul> </li> <li>deps: range-parser@~1.2.1</li> <li>deps: send@0.17.1 <ul> <li>Set stricter CSP header in redirect & error responses</li> <li>deps: http-errors@~1.7.2</li> <li>deps: mime@1.6.0</li> <li>deps: ms@2.1.1</li> <li>deps: range-parser@~1.2.1</li> <li>deps: statuses@~1.5.0</li> <li>perf: remove redundant <code>path.normalize</code> call</li> </ul> </li> <li>deps: serve-static@1.14.1 <ul> <li>Set stricter CSP header in redirect response</li> <li>deps: parseurl@~1.3.3</li> <li>deps: send@0.17.1</li> </ul> </li> <li>deps: setprototypeof@1.1.1</li> <li>deps: statuses@~1.5.0 <ul> <li>Add <code>103 Early Hints</code></li> </ul> </li> <li>deps: type-is@~1.6.18 <ul> <li>deps: mime-types@~2.1.24</li> <li>perf: prevent internal <code>throw</code> on invalid type</li> </ul> </li> </ul> </li> <li> <b>4.16.4</b> - <a href="https://snyk.io/redirect/github/expressjs/express/releases/tag/4.16.4">2018-10-11</a></br><ul> <li>Fix issue where <code>"Request aborted"</code> may be logged in <code>res.sendfile</code></li> <li>Fix JSDoc for <code>Router</code> constructor</li> <li>deps: body-parser@1.18.3 <ul> <li>Fix deprecation warnings on Node.js 10+</li> <li>Fix stack trace for strict json parse error</li> <li>deps: depd@~1.1.2</li> <li>deps: http-errors@~1.6.3</li> <li>deps: iconv-lite@0.4.23</li> <li>deps: qs@6.5.2</li> <li>deps: raw-body@2.3.3</li> <li>deps: type-is@~1.6.16</li> </ul> </li> <li>deps: proxy-addr@~2.0.4 <ul> <li>deps: ipaddr.js@1.8.0</li> </ul> </li> <li>deps: qs@6.5.2</li> <li>deps: safe-buffer@5.1.2</li> </ul> </li> <li> <b>4.16.3</b> - <a href="https://snyk.io/redirect/github/expressjs/express/releases/tag/4.16.3">2018-03-12</a></br><ul> <li>deps: accepts@~1.3.5 <ul> <li>deps: mime-types@~2.1.18</li> </ul> </li> <li>deps: depd@~1.1.2 <ul> <li>perf: remove argument reassignment</li> </ul> </li> <li>deps: encodeurl@~1.0.2 <ul> <li>Fix encoding <code>%</code> as last character</li> </ul> </li> <li>deps: finalhandler@1.1.1 <ul> <li>Fix 404 output for bad / missing pathnames</li> <li>deps: encodeurl@~1.0.2</li> <li>deps: statuses@~1.4.0</li> </ul> </li> <li>deps: proxy-addr@~2.0.3 <ul> <li>deps: ipaddr.js@1.6.0</li> </ul> </li> <li>deps: send@0.16.2 <ul> <li>Fix incorrect end tag in default error & redirects</li> <li>deps: depd@~1.1.2</li> <li>deps: encodeurl@~1.0.2</li> <li>deps: statuses@~1.4.0</li> </ul> </li> <li>deps: serve-static@1.13.2 <ul> <li>Fix incorrect end tag in redirects</li> <li>deps: encodeurl@~1.0.2</li> <li>deps: send@0.16.2</li> </ul> </li> <li>deps: statuses@~1.4.0</li> <li>deps: type-is@~1.6.16 <ul> <li>deps: mime-types@~2.1.18</li> </ul> </li> </ul> </li> <li> <b>4.16.2</b> - <a href="https://snyk.io/redirect/github/expressjs/express/releases/tag/4.16.2">2017-10-10</a></br><ul> <li>Fix <code>TypeError</code> in <code>res.send</code> when given <code>Buffer</code> and <code>ETag</code> header set</li> <li>perf: skip parsing of entire <code>X-Forwarded-Proto</code> header</li> </ul> </li> <li> <b>4.16.1</b> - <a href="https://snyk.io/redirect/github/expressjs/express/releases/tag/4.16.1">2017-09-29</a></br><ul> <li>deps: send@0.16.1</li> <li>deps: serve-static@1.13.1 <ul> <li>Fix regression when <code>root</code> is incorrectly set to a file</li> <li>deps: send@0.16.1</li> </ul> </li> </ul> </li> <li> <b>4.16.0</b> - <a href="https://snyk.io/redirect/github/expressjs/express/releases/tag/4.16.0">2017-09-28</a></br><ul> <li>Add <code>"json escape"</code> setting for <code>res.json</code> and <code>res.jsonp</code></li> <li>Add <code>express.json</code> and <code>express.urlencoded</code> to parse bodies</li> <li>Add <code>options</code> argument to <code>res.download</code></li> <li>Improve error message when autoloading invalid view engine</li> <li>Improve error messages when non-function provided as middleware</li> <li>Skip <code>Buffer</code> encoding when not generating ETag for small response</li> <li>Use <code>safe-buffer</code> for improved Buffer API</li> <li>deps: accepts@~1.3.4 <ul> <li>deps: mime-types@~2.1.16</li> </ul> </li> <li>deps: content-type@~1.0.4 <ul> <li>perf: remove argument reassignment</li> <li>perf: skip parameter parsing when no parameters</li> </ul> </li> <li>deps: etag@~1.8.1 <ul> <li>perf: replace regular expression with substring</li> </ul> </li> <li>deps: finalhandler@1.1.0 <ul> <li>Use <code>res.headersSent</code> when available</li> </ul> </li> <li>deps: parseurl@~1.3.2 <ul> <li>perf: reduce overhead for full URLs</li> <li>perf: unroll the "fast-path" <code>RegExp</code></li> </ul> </li> <li>deps: proxy-addr@~2.0.2 <ul> <li>Fix trimming leading / trailing OWS in <code>X-Forwarded-For</code></li> <li>deps: forwarded@~0.1.2</li> <li>deps: ipaddr.js@1.5.2</li> <li>perf: reduce overhead when no <code>X-Forwarded-For</code> header</li> </ul> </li> <li>deps: qs@6.5.1 <ul> <li>Fix parsing & compacting very deep objects</li> </ul> </li> <li>deps: send@0.16.0 <ul> <li>Add 70 new types for file extensions</li> <li>Add <code>immutable</code> option</li> <li>Fix missing <code></html></code> in default error & redirects</li> <li>Set charset as "UTF-8" for .js and .json</li> <li>Use instance methods on steam to check for listeners</li> <li>deps: mime@1.4.1</li> <li>perf: improve path validation speed</li> </ul> </li> <li>deps: serve-static@1.13.0 <ul> <li>Add 70 new types for file extensions</li> <li>Add <code>immutable</code> option</li> <li>Set charset as "UTF-8" for .js and .json</li> <li>deps: send@0.16.0</li> </ul> </li> <li>deps: setprototypeof@1.1.0</li> <li>deps: utils-merge@1.0.1</li> <li>deps: vary@~1.1.2 <ul> <li>perf: improve header token parsing speed</li> </ul> </li> <li>perf: re-use options object when generating ETags</li> <li>perf: remove dead <code>.charset</code> set in <code>res.jsonp</code></li> </ul> </li> <li> <b>4.15.5</b> - 2017-09-25 </li> <li> <b>4.15.4</b> - 2017-08-07 </li> <li> <b>4.15.3</b> - 2017-05-17 </li> <li> <b>4.15.2</b> - 2017-03-06 </li> <li> <b>4.15.1</b> - 2017-03-06 </li> <li> <b>4.15.0</b> - 2017-03-01 </li> <li> <b>4.14.1</b> - 2017-01-28 </li> <li> <b>4.14.0</b> - 2016-06-16 </li> <li> <b>4.13.4</b> - 2016-01-22 </li> <li> <b>4.13.3</b> - 2015-08-03 </li> </ul> from <a href="https://snyk.io/redirect/github/expressjs/express/releases">express GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>express</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/e1b45ebd050b6f06aa38cda5aaf0c21708b0c71e">e1b45eb</a> 4.17.1</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/0a48e18056865364b2461b2ece7ccb2d1075d3c9">0a48e18</a> Revert "Improve error message for null/undefined to res.status"</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/eed05a1464485edc5154ce989a679ba602f11ed8">eed05a1</a> build: Node.js@12.3</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/10c7756764fbe969b307b15a72fd074479c00f8d">10c7756</a> 4.17.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/9dadca2c64ae717063b0e9071143065896ebb676">9dadca2</a> docs: remove Gratipay links</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/b8e50568af9c73ef1ade434e92c60d389868361d">b8e5056</a> tests: ignore unreachable line</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/94e48a16f273963dc37829352b7381e4e9222315">94e48a1</a> build: update example dependencies</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/efcb17dcb21699ef685eff4455a9443f707a4901">efcb17d</a> deps: cookie@0.4.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/b9ecb9afe336ad00eb6e2dbc055e838649fe784f">b9ecb9a</a> build: support Node.js 12.x</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/5266f3a5cb25fdd6846b76a727d601506791c4ce">5266f3a</a> build: test against Node.js 13.x nightly</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/e502dde3c8c82ff107603f78d6cac9a33a699dd7">e502dde</a> build: Node.js@10.15</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/da6f701317d154e47921139257ffcefb15d15ca7">da6f701</a> deps: range-parser@~1.2.1</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/88f9733ffa58ce89bd5a9b207f0c8b4c2965fec6">88f9733</a> deps: serve-static@1.14.1</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/8267c4b72422e68654849a71bfb74141d77bb875">8267c4b</a> deps: send@0.17.1</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/bc07a41693f8c7e9bde2bfb4cd5390ad6e3b1337">bc07a41</a> deps: finalhandler@~1.1.2</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/c754c8ad7b33a1d9ec6bec88bc44734c16c36167">c754c8a</a> build: support Node.js 11.x</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/e91702872994523dbb9f7da1bf30854c5dfb834a">e917028</a> build: Node.js@8.16</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/7b076bd8e1c428da4887856d34b813aba2732c19">7b076bd</a> build: Node.js@6.17</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/bb5211fa1cdf6da767960c2a8aa97f8c8f31e9c5">bb5211f</a> tests: add express.text test suite</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/7f4e37f3ea0bf99287472dd72f48d12a3b3d0b71">7f4e37f</a> Add express.text to parse bodies into string</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/11192bd168c5996efe718664a3f4d8f77dbaa71b">11192bd</a> tests: add express.raw test suite</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/0bcdd88dd089c8da7f29e76e8f152a40ca0bcf69">0bcdd88</a> Add express.raw to parse bodies into Buffer</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/60aacac1670f01857961fb7d765eb015efb0be5b">60aacac</a> deps: serve-static@1.14.0</li> <li><a href="https://snyk.io/redirect/github/expressjs/express/commit/70a19472f1ec22642ea98baa5f76b5ba656e7235">70a1947</a> deps: send@0.17.0</li> </ul>

<a href="https://snyk.io/redirect/github/expressjs/express/compare/ef7ad681b245fba023843ce94f6bcb8e275bbb8e...e1b45ebd050b6f06aa38cda5aaf0c21708b0c71e">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI1ZGIyMDMwZi0zZWJiLTQyZjYtYmRiNi0wMTk2ZDExMjE4YjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjVkYjIwMzBmLTNlYmItNDJmNi1iZGI2LTAxOTZkMTEyMThiNCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"5db2030f-3ebb-42f6-bdb6-0196d11218b4","prPublicId":"5db2030f-3ebb-42f6-bdb6-0196d11218b4","dependencies":[{"name":"express","from":"4.13.3","to":"4.17.1"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/82b04202-af44-426d-81aa-ca73bdc86399?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"82b04202-af44-426d-81aa-ca73bdc86399","env":"prod","prType":"upgrade","vulns":["npm:negotiator:20160616","npm:fresh:20170908","npm:ms:20170412","npm:mime:20170907","npm:debug:20170905"],"issuesToFix":[{"issueId":"npm:negotiator:20160616","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":589,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"npm:fresh:20170908","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":589,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"npm:ms:20170412","severity":"low","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":399,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185}]},{"issueId":"npm:mime:20170907","severity":"low","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":399,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185}]},{"issueId":"npm:debug:20170905","severity":"low","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":399,"priorityScoreFactors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185}]}],"upgrade":["npm:negotiator:20160616","npm:fresh:20170908","npm:ms:20170412","npm:mime:20170907","npm:debug:20170905"],"upgradeInfo":{"versionsDiff":16,"publishedDate":"2019-05-26T04:25:34.606Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[589,589,399,399,399]}) --->

+1 -1

0 comment

1 changed file

pr created time in 31 minutes

PR opened KamilMr/Kodilla-travel-agency-web

[Snyk] Upgrade: @babel/core, @babel/preset-env

<h3>Snyk has created this PR to upgrade multiple dependencies.</h3> ๐Ÿ‘ฏโ€โ™‚ The following dependencies are linked and will therefore be updated together. </br></br> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. </br></br>

Name Versions Released on
@babel/core</br>from 7.14.6 to 7.15.0 2 versions ahead of your current version a month ago</br>on 2021-08-04
@babel/preset-env</br>from 7.14.7 to 7.15.0 3 versions ahead of your current version a month ago</br>on 2021-08-04

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@babel/preset-env</b></summary> <ul> <li> <b>7.15.0</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.15.0">2021-08-04</a></br><h2>v7.15.0 (2021-08-04)</h2> <p>Thanks <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/a-tarasyuk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/a-tarasyuk">@ a-tarasyuk</a> and <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/gausie/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/gausie">@ gausie</a> for your first PRs!</p> <h4><g-emoji class="g-emoji" alias="eyeglasses" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">๐Ÿ‘“</g-emoji> Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13523" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13523/hovercard">#13523</a> feat(ts): raise error for abstract property with initializer (<a href="https://snyk.io/redirect/github/fedeci">@ fedeci</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="rocket" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f680.png">๐Ÿš€</g-emoji> New Feature</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13229" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13229/hovercard">#13229</a> Add <code>attachComment</code> parser option to disable comment attachment (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-standalone</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13476" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13476/hovercard">#13476</a> standalone: update <code>preset-stage-*</code> (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13555" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13555/hovercard">#13555</a> feat: support hack pipeline in <code>@ babel/standalone</code> (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-preset-env</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13387" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13387/hovercard">#13387</a> Enable top-level <code>await</code> parsing by default (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-plugin-transform-typescript</code>, <code>babel-preset-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13324" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13324/hovercard">#13324</a> Support TypeScript const enums (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13528" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13528/hovercard">#13528</a> feat(typescript): implement namespace alias (<a href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>)</li> </ul> </li> <li><code>babel-core</code>, <code>babel-helper-create-class-features-plugin</code>, <code>babel-helper-module-transforms</code>, <code>babel-plugin-transform-modules-commonjs</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13290" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13290/hovercard">#13290</a> feat: add <code>noIncompleteNsImportDetection</code> assumption to <code>plugin-transform-modules-commonjs</code> (<a href="https://snyk.io/redirect/github/fedeci">@ fedeci</a>)</li> </ul> </li> <li><code>babel-plugin-transform-react-display-name</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13501" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13501/hovercard">#13501</a> Add display name after create context (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-parser</code>, <code>babel-plugin-proposal-pipeline-operator</code>, <code>babel-plugin-syntax-pipeline-operator</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13416" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13416/hovercard">#13416</a> Hack-pipe proposal with <code>%</code> topic token (<a href="https://snyk.io/redirect/github/js-choi">@ js-choi</a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-parser</code>, <code>babel-plugin-proposal-pipeline-operator</code>, <code>babel-plugin-syntax-pipeline-operator</code>, <code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13191" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13191/hovercard">#13191</a> Add support for the "Hack" pipeline proposal (<a href="https://snyk.io/redirect/github/js-choi">@ js-choi</a>)</li> </ul> </li> <li><code>babel-plugin-transform-runtime</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13398" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13398/hovercard">#13398</a> Expose <code>@ babel/eslint-parser/experimental-worker</code> (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-helper-compilation-targets</code>, <code>babel-preset-env</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13448" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13448/hovercard">#13448</a> Add support for rhino as a compilation target (<a href="https://snyk.io/redirect/github/gausie">@ gausie</a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-parser</code>, <code>babel-preset-env</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13554" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13554/hovercard">#13554</a> Enable ergonomic brand checks (<code>#priv in</code>) by default (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="bug" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">๐Ÿ›</g-emoji> Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13513" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13513/hovercard">#13513</a> [ts] support optional chain call with generic (<a href="https://snyk.io/redirect/github/lala7573">@ lala7573</a>)</li> </ul> </li> <li><code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13605" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13605/hovercard">#13605</a> Handle typescript function overloading in a default export (<a href="https://snyk.io/redirect/github/tony-go">@ tony-go</a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13536" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13536/hovercard">#13536</a> Fix <code>%==</code> parsing in hack pipes (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13426" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13426/hovercard">#13426</a> parser: Fix Hack/smart-pipe error positions (<a href="https://snyk.io/redirect/github/js-choi">@ js-choi</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13622" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13622/hovercard">#13622</a> fix(ts): raise error for <code>export default interface {}</code> (<a href="https://snyk.io/redirect/github/a-tarasyuk">@ a-tarasyuk</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="memo" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f4dd.png">๐Ÿ“</g-emoji> Documentation</h4> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13607" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13607/hovercard">#13607</a> chore(doc): add jest specific pckg command (<a href="https://snyk.io/redirect/github/tony-go">@ tony-go</a>)</li> </ul> <h4>Committers: 10</h4> <ul> <li>Federico Ciardi (<a href="https://snyk.io/redirect/github/fedeci">@ fedeci</a>)</li> <li>Huรกng Jรนnliร ng (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> <li>J.ย S.ย Choi (<a href="https://snyk.io/redirect/github/js-choi">@ js-choi</a>)</li> <li>Nicolรฒ Ribaudo (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> <li>Oleksandr T. (<a href="https://snyk.io/redirect/github/a-tarasyuk">@ a-tarasyuk</a>)</li> <li>Samuel Gaus (<a href="https://snyk.io/redirect/github/gausie">@ gausie</a>)</li> <li>Sosuke Suzuki (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> <li>Tony Gorez (<a href="https://snyk.io/redirect/github/tony-go">@ tony-go</a>)</li> <li>Yeonju Hwang (<a href="https://snyk.io/redirect/github/lala7573">@ lala7573</a>)</li> <li>็Ž‹ๆธ…้›จ (<a href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>)</li> </ul> </li> <li> <b>7.14.9</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.14.9">2021-08-01</a></br><h2>v7.14.9 (2021-08-01)</h2> <p>Thanks <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/SCLeoX/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/SCLeoX">@ SCLeoX</a> for your first PR!</p> <h4><g-emoji class="g-emoji" alias="bug" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">๐Ÿ›</g-emoji> Bug Fix</h4> <ul> <li><code>babel-traverse</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13596" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13596/hovercard">#13596</a> Fix completion record for variable declarations (<a href="https://snyk.io/redirect/github/addaleax">@ addaleax</a>)</li> </ul> </li> <li><code>babel-plugin-proposal-class-properties</code>, <code>babel-plugin-transform-classes</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13600" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13600/hovercard">#13600</a> Extract computed keys from the class closure (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-plugin-transform-react-jsx-development</code>, <code>babel-plugin-transform-react-jsx-self</code>, <code>babel-plugin-transform-react-jsx</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13552" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13552/hovercard">#13552</a> Don't insert <code>__self: this</code> within constructors of derived classes (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="941543659" data-permission-text="Title is private" data-url="https://github.com/babel/babel/issues/13550" data-hovercard-type="issue" data-hovercard-url="/babel/babel/issues/13550/hovercard" href="https://snyk.io/redirect/github/babel/babel/issues/13550">#13550</a>) (<a href="https://snyk.io/redirect/github/SCLeoX">@ SCLeoX</a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13581" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13581/hovercard">#13581</a> [ts] Check if param is assignable when parsing arrow return type (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13577" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13577/hovercard">#13577</a> add 12 missing NODE_FIELDS (<a href="https://snyk.io/redirect/github/jedwards1211">@ jedwards1211</a>)</li> </ul> </li> <li><code>babel-plugin-proposal-async-generator-functions</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13491" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13491/hovercard">#13491</a> Fix <code>_step.value</code> access in <code>for await</code> (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="house" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">๐Ÿ </g-emoji> Internal</h4> <ul> <li>Other <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13614" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13614/hovercard">#13614</a> Update Rollup to <code>~2.54.0</code> (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-helper-validator-identifier</code>, <code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13606" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13606/hovercard">#13606</a> chore: reorganize benchmarks (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="running_woman" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3c3-2640.png">๐Ÿƒโ€โ™€๏ธ</g-emoji> Performance</h4> <ul> <li><code>babel-parser</code>, <code>babel-traverse</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13611" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13611/hovercard">#13611</a> Replace generic __clone call by specific methods (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13593" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13593/hovercard">#13593</a> Generator performance (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4>Committers: 8</h4> <ul> <li>Andy Edwards (<a href="https://snyk.io/redirect/github/jedwards1211">@ jedwards1211</a>)</li> <li>Anna Henningsen (<a href="https://snyk.io/redirect/github/addaleax">@ addaleax</a>)</li> <li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@ babel-bot</a>)</li> <li>Henry Zhu (<a href="https://snyk.io/redirect/github/hzoo">@ hzoo</a>)</li> <li>Huรกng Jรนnliร ng (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> <li>Nicolรฒ Ribaudo (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> <li>Rin Tepis (<a href="https://snyk.io/redirect/github/SCLeoX">@ SCLeoX</a>)</li> <li>็Ž‹ๆธ…้›จ (<a href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>)</li> </ul> </li> <li> <b>7.14.8</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.14.8">2021-07-20</a></br><h2>v7.14.8 (2021-07-20)</h2> <p>Thanks <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/colinaaa/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>, <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/jaeseokk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/jaeseokk">@ jaeseokk</a> and <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/nme077/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/nme077">@ nme077</a> for your first PRs!</p> <h4><g-emoji class="g-emoji" alias="eyeglasses" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">๐Ÿ‘“</g-emoji> Spec Compliance</h4> <ul> <li><code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-proposal-class-static-block</code>, <code>babel-plugin-transform-new-target</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13560" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13560/hovercard">#13560</a> fix(class-properties): replace <code>new.target</code> in static properties with <code>undefined</code> (<a href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13088" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13088/hovercard">#13088</a> Fix await binding error within static block (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13531" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13531/hovercard">#13531</a> fix: disallow computed <code>async</code>/<code>get</code>/<code>set</code> keyword (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-helper-module-transforms</code>, <code>babel-helper-simple-access</code>, <code>babel-plugin-transform-modules-commonjs</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13258" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13258/hovercard">#13258</a> Fix const violations in ESM imports when transformed to CJS (<a href="https://snyk.io/redirect/github/overlookmotel">@ overlookmotel</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="bug" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">๐Ÿ›</g-emoji> Bug Fix</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13575" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13575/hovercard">#13575</a> Update babel-parser.d.ts (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13548" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13548/hovercard">#13548</a> Fix parser <code>strictMode</code> option (<a href="https://snyk.io/redirect/github/overlookmotel">@ overlookmotel</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13573" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13573/hovercard">#13573</a> Fix issue to allow module block in member expression (<a href="https://snyk.io/redirect/github/nme077">@ nme077</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13521" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13521/hovercard">#13521</a> Overhaul comment attachment (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13534" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13534/hovercard">#13534</a> Async do expression should start at async (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-plugin-transform-arrow-functions</code>, <code>babel-traverse</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/12344" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/12344/hovercard">#12344</a> Fix arrow transformation when <code>arguments</code> is defined as variable (<a href="https://snyk.io/redirect/github/snitin315">@ snitin315</a>)</li> </ul> </li> <li><code>babel-traverse</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13527" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13527/hovercard">#13527</a> fix: accept duplicated import/variable in different module (<a href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>)</li> </ul> </li> <li><code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13525" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13525/hovercard">#13525</a> fix(babel-types): accept <code>UnaryExpression</code> in <code>TSLiteralType</code> (<a href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13500" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13500/hovercard">#13500</a> Add typeParameters to tagged template visitor keys (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="nail_care" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f485.png">๐Ÿ’…</g-emoji> Polish</h4> <ul> <li><code>babel-core</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13515" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13515/hovercard">#13515</a> Fix config validation message typo (<a href="https://snyk.io/redirect/github/jaeseokk">@ jaeseokk</a>)</li> </ul> </li> <li><code>babel-cli</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13508" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13508/hovercard">#13508</a> fix: sync default_extensions to babel-cli usage (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="memo" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f4dd.png">๐Ÿ“</g-emoji> Documentation</h4> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13562" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13562/hovercard">#13562</a> Fix <code>make generate-standalone</code> -> <code>make build-standalone</code> (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> </ul> <h4><g-emoji class="g-emoji" alias="house" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">๐Ÿ </g-emoji> Internal</h4> <ul> <li><code>babel-helpers</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13522" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13522/hovercard">#13522</a> minor improvement to gulp generate-runtime-helpers error message (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="running_woman" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3c3-2640.png">๐Ÿƒโ€โ™€๏ธ</g-emoji> Performance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13521" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13521/hovercard">#13521</a> Overhaul comment attachment (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4>Committers: 12</h4> <ul> <li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@ babel-bot</a>)</li> <li>Bogdan Savluk (<a href="https://snyk.io/redirect/github/zxbodya">@ zxbodya</a>)</li> <li>Federico Ciardi (<a href="https://snyk.io/redirect/github/fedeci">@ fedeci</a>)</li> <li>Huรกng Jรนnliร ng (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> <li>Jaeseok Kang (<a href="https://snyk.io/redirect/github/jaeseokk">@ jaeseokk</a>)</li> <li>Mickey Rose (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> <li>Nicholas Eveland (<a href="https://snyk.io/redirect/github/nme077">@ nme077</a>)</li> <li>Nitin Kumar (<a href="https://snyk.io/redirect/github/snitin315">@ snitin315</a>)</li> <li>Sosuke Suzuki (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> <li>Tony Gorez (<a href="https://snyk.io/redirect/github/tony-go">@ tony-go</a>)</li> <li><a href="https://snyk.io/redirect/github/overlookmotel">@ overlookmotel</a></li> <li>็Ž‹ๆธ…้›จ (<a href="https://snyk.io/redirect/github/colinaaa">@ colinaaa</a>)</li> </ul> </li> <li> <b>7.14.7</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.14.7">2021-06-21</a></br><a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.14.7"> Read more </a> </li> </ul> from <a href="https://snyk.io/redirect/github/babel/babel/releases">@babel/preset-env GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiNjc1OTliMi1iZTM1LTQ3ZTgtYmQ5Ni1lNGZiZmE5OWI5NTAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImI2NzU5OWIyLWJlMzUtNDdlOC1iZDk2LWU0ZmJmYTk5Yjk1MCJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"b67599b2-be35-47e8-bd96-e4fbfa99b950","prPublicId":"b67599b2-be35-47e8-bd96-e4fbfa99b950","dependencies":[{"name":"@babel/core","from":"7.14.6","to":"7.15.0"},{"name":"@babel/preset-env","from":"7.14.7","to":"7.15.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/kamilmr/project/92c23c61-614c-48bd-b3aa-987546e80e3c?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"92c23c61-614c-48bd-b3aa-987546e80e3c","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":2,"publishedDate":"2021-08-04T21:13:15.416Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+975 -496

0 comment

2 changed files

pr created time in 32 minutes

PR opened javifelices/atom

[Snyk] Upgrade legal-eagle from 0.4.0 to 0.16.0

<h3>Snyk has created this PR to upgrade legal-eagle from 0.4.0 to 0.16.0.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 12 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2018-07-19.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>legal-eagle</b></summary> <ul> <li> <b>0.16.0</b> - 2018-07-19 </li> <li> <b>0.15.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.15.0">2017-05-30</a></br><p>0.15.0</p> </li> <li> <b>0.14.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.14.0">2017-03-09</a></br><p>0.14.0</p> </li> <li> <b>0.13.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.13.0">2015-11-10</a></br><p>0.13.0</p> </li> <li> <b>0.12.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.12.0">2015-11-05</a></br><p>0.12.0</p> </li> <li> <b>0.11.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.11.0">2015-10-05</a></br><p>0.11.0</p> </li> <li> <b>0.10.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.10.0">2015-06-22</a></br><p>0.10.0</p> </li> <li> <b>0.9.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.9.0">2015-01-23</a></br><p>0.9.0</p> </li> <li> <b>0.8.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.8.0">2015-01-08</a></br><p>0.8.0</p> </li> <li> <b>0.7.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.7.0">2014-12-22</a></br><p>0.7.0</p> </li> <li> <b>0.6.0</b> - <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases/tag/v0.6.0">2014-11-18</a></br><p>0.6.0</p> </li> <li> <b>0.5.0</b> - 2014-11-17 </li> <li> <b>0.4.0</b> - 2014-03-24 </li> </ul> from <a href="https://snyk.io/redirect/github/atom/legal-eagle/releases">legal-eagle GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIzZDJjZDAzYy1iYmQ3LTQwYTAtYTk2ZS00ZDg2ZWQxNjAzZmEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjNkMmNkMDNjLWJiZDctNDBhMC1hOTZlLTRkODZlZDE2MDNmYSJ9fQ==" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"3d2cd03c-bbd7-40a0-a96e-4d86ed1603fa","prPublicId":"3d2cd03c-bbd7-40a0-a96e-4d86ed1603fa","dependencies":[{"name":"legal-eagle","from":"0.4.0","to":"0.16.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/8c05dc5a-638b-4894-bd8c-25d496a47e1d?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"8c05dc5a-638b-4894-bd8c-25d496a47e1d","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":12,"publishedDate":"2018-07-19T23:47:31.922Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 37 minutes

PR opened javifelices/atom

[Snyk] Upgrade minidump from 0.8.0 to 0.22.0

<h3>Snyk has created this PR to upgrade minidump from 0.8.0 to 0.22.0.</h3>

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2021-04-19.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>minidump</b></summary> <ul> <li> <b>0.22.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.22.0">2021-04-19</a></br>No content. </li> <li> <b>0.21.0</b> - 2021-04-19 </li> <li> <b>0.20.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.20.0">2021-04-09</a></br>No content. </li> <li> <b>0.19.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.19.0">2019-08-26</a></br>No content. </li> <li> <b>0.18.0</b> - 2019-08-26 </li> <li> <b>0.17.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.17.0">2019-08-26</a></br>No content. </li> <li> <b>0.16.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.16.0">2019-07-29</a></br>No content. </li> <li> <b>0.15.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/0.15.0">2018-05-10</a></br><p>0.15.0</p> </li> <li> <b>0.14.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.14.0">2018-04-26</a></br><p>0.14.0</p> </li> <li> <b>0.13.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.13.0">2018-02-15</a></br>No content. </li> <li> <b>0.12.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.12.0">2018-02-14</a></br>No content. </li> <li> <b>0.11.0</b> - <a href="https://snyk.io/redirect/github/electron/node-minidump/releases/tag/v0.11.0">2016-11-09</a></br><p>0.11.0</p> </li> <li> <b>0.10.0</b> - 2016-10-20 </li> <li> <b>0.9.0</b> - 2014-12-22 </li> <li> <b>0.8.0</b> - 2014-09-08 </li> </ul> from <a href="https://snyk.io/redirect/github/electron/node-minidump/releases">minidump GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJiYWM0Y2VkYy0xZmQ3LTQ1MWUtOTY0OC1mNTQ0YTVjMGJhYzUiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImJhYzRjZWRjLTFmZDctNDUxZS05NjQ4LWY1NDRhNWMwYmFjNSJ9fQ==" width="0" height="0"/><img src="https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=minidump&from_version=0.8.0&to_version=0.22.0&pr_id=bac4cedc-1fd7-451e-9648-f544a5c0bac5&visibility=false&has_feature_flag=false" width="0" height="0"/>

๐Ÿง View latest project report

๐Ÿ›  Adjust upgrade PR settings

๐Ÿ”• Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"bac4cedc-1fd7-451e-9648-f544a5c0bac5","prPublicId":"bac4cedc-1fd7-451e-9648-f544a5c0bac5","dependencies":[{"name":"minidump","from":"0.8.0","to":"0.22.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/javifelices/project/8c05dc5a-638b-4894-bd8c-25d496a47e1d?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"8c05dc5a-638b-4894-bd8c-25d496a47e1d","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":14,"publishedDate":"2021-04-19T17:03:30.706Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+1 -1

0 comment

1 changed file

pr created time in 37 minutes