ryuanime icon indicating copy to clipboard operation
ryuanime copied to clipboard

Published 20 hours ago verified publisher icon ChrisMichaelPerezSantiago

[Snyk] Security upgrade jsdom from 15.1.1 to 16.5.0

Open ChrisMichaelPerezSantiago opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jsdom The new version differs by 176 commits.
  • 2d82763 Version 16.5.0
  • 9741311 Fix loading of subresources with Unicode filenames
  • 5e46553 Use domenic's ESLint config as the base
  • 19b35da Fix the URL of about:blank iframes
  • 017568e Support inputType on InputEvent
  • 29f4fdf Upgrade dependencies
  • e2f7639 Refactor create‑event‑accessor.js to remove code duplication
  • ff69a75 Convert JSDOM to use callback functions
  • 19df6bc Update links in contributing guidelines
  • 1e34ff5 Test triage
  • 1d6cb3c XHR: clear response buffer on errors
  • 1e86b2e XHR: mark Content-Length as CORS-safelisted
  • 6a8f012 XHR: avoid a redundant final progress event
  • 021555b Allow mutating disabled <input type=checkbox/radio>
  • a62d9fe Remove ondragexit from GlobalEventHandlers
  • 745fbaf Call mutation observer callbacks with the MutationObserver as this
  • 6c758c9 Implement window.event
  • a88d0bf Clean up navigator.plugins and navigator.mimeTypes
  • 31eb938 Implement queueMicrotask()
  • 2ab99ad Stop replacing / with : in the File constructor
  • ffd4aa3 Reduce log spam when starting WPT server
  • e0de8be Upgrade to-upstream WPTs to Python 3
  • c94ceeb Automatically omit all testdriver tests
  • b3f6056 Update WPT

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

ChrisMichaelPerezSantiago avatar Jun 30 '23 15:06 ChrisMichaelPerezSantiago