ioBroker.mielecloudservice
ioBroker.mielecloudservice copied to clipboard
Published
20 hours ago •
Grizzelbee
Grizzelbee
[Snyk] Security upgrade @iobroker/adapter-dev from 1.2.0 to 1.3.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 |
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459 |
No | Proof of Concept |
 |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857 |
No | Proof of Concept |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-AXIOS-6144788 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @iobroker/adapter-dev
The new version differs by 60 commits.- b385277 chore: release v1.3.0
- 363a21b license years
- c5d8bb4 Fixes and tests
- 7fcbe53 Fixes and tests
- d5e2a93 Merge pull request #253 from foxriver76/main
- 682e558 happy linter in the lovely winter
- b42ae03 add ts-expect-error for execa
- 456fb9d add iobroker types globally
- b6485ee updates
- c342304 updates
- eff073f Merge pull request #249 from Steiger04/v1.2.0
- ff59bc6 Merge pull request #250 from klein0r/main
- fb2777b test nodejs 16+
- 91ddcdf npm i for package-lock
- 09e4b0b Keep indentation of io-package
- 5463f75 run npm build
- 53a6482 using of esbuild context added
- 9dbae35 set dot-notation to false in yargs parserConfiguration
- 35eecf9 package.json and tsconfig.json changed
- c58a612 Merge pull request #225 from ioBroker/dependabot/npm_and_yarn/types/yargs-17.0.24
- 9cb0225 Merge pull request #226 from ioBroker/dependabot/npm_and_yarn/typescript-eslint/parser-5.59.1
- 599abfc Merge pull request #227 from ioBroker/dependabot/npm_and_yarn/axios-1.4.0
- 139bd95 Merge pull request #228 from ioBroker/dependabot/npm_and_yarn/types/node-18.16.3
- d3bfb2e chore(deps-dev): bump @ types/node from 18.11.10 to 18.16.3
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Cross-site Request Forgery (CSRF) 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution
