orchestrate-node icon indicating copy to clipboard operation
orchestrate-node copied to clipboard

Published 20 hours ago verified publisher icon Consensys

[Snyk] Security upgrade protobufjs from 6.11.2 to 6.11.3

Open snyk-bot opened this issue 2 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 803/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.2		 Prototype Pollution
SNYK-JS-PROTOBUFJS-2441248		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: protobufjs The new version differs by 7 commits.
  • b130dfd chore(6.x): release 6.11.3 (#1737)
  • c2c17ae build: publish to main
  • b2c6a5c build: run tests if ci label added (#1734)
  • a8681ce fix(deps): use eslint 8.x (#1728)
  • b5f1391 fix: do not let setProperty change the prototype (#1731)
  • 7afd0a3 build: configure 6.x as default branch
  • 37285d0 build: configure backports

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

snyk-bot avatar May 23 '22 19:05 snyk-bot

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 97.20%. Comparing base (b73f964) to head (7cb2bbf). Report is 3 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #242   +/-   ##
=======================================
  Coverage   97.20%   97.20%           
=======================================
  Files          12       12           
  Lines         286      286           
  Branches       19       19           
=======================================
  Hits          278      278           
  Misses          8        8

codecov-commenter avatar May 23 '22 19:05 codecov-commenter