georaster icon indicating copy to clipboard operation
georaster copied to clipboard

Published 20 hours ago verified publisher icon GeoTIFF

[Snyk] Security upgrade worker-loader from 2.0.0 to 3.0.0

Open DanielJDufour opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4		 Prototype Pollution
SNYK-JS-JSON5-3182856		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: worker-loader The new version differs by 28 commits.
  • bc99955 chore(release): 3.0.0
  • 6aa1eb0 docs: improve (#275)
  • 011e4ca refactor: code (#274)
  • f72b252 refactor: use ES modules syntax for inline mode (#273)
  • 76c63fa refactor: code
  • 9079570 fix: unstable `contenthash`
  • 4f9b240 fix: cache identifier for webpack@4 (#270)
  • 5047abb fix: source maps when `inline` using without fallback (#269)
  • f93804e test: refactor (#268)
  • f047ad0 refactor: `inline` option (#267)
  • bb77346 fix: respect `publicPath` from `output.publicPath` (#265)
  • 1e761ed fix: respect `externals` (#264)
  • c117a7c feat: default value of `filename` from `output.filename` (#263)
  • 905ed7b feat: the `chunkFilename` option
  • 8d7cae0 refactor: rename the `name` option (#261)
  • e0d9887 fix: compatibility with webpack@5 (#259)
  • a8ce4ad feat: switch on es module syntax (#257)
  • 152634c fix: support WASM
  • 2b9e2fd feat: `worker` option (#255)
  • 800b074 refactor: test
  • f729e34 fix: memory leak for inline workers (#252)
  • f03498d feat: add the `workerType` option (replaces #178) (#247)
  • 0efd0e4 test: add test with puppeteer (#246)
  • 22d48e4 docs: improve

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

DanielJDufour avatar Dec 25 '22 20:12 DanielJDufour