rss-fulltext-proxy icon indicating copy to clipboard operation
rss-fulltext-proxy copied to clipboard

Published 20 hours ago verified publisher icon Kombustor

[Snyk] Security upgrade rss-parser from 3.7.2 to 3.13.0

Open Kombustor opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Prototype Pollution
SNYK-JS-XML2JS-5414874		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: rss-parser The new version differs by 93 commits.
  • 74bdfd2 3.13.0
  • 0413e12 Build distribution
  • 2de2c40 Merge pull request #247 from Arisamiga/master
  • 3265b41 lockfileVersion 3 ->2 for backwards compatibility
  • 986f163 Merge branch 'master' into master
  • 861855f Merge pull request #248 from rbren/rb/update-actions
  • 49b7a41 Update node.js.yml
  • 8e962eb Fix for dependency collision
  • 46667c1 Updated Dependencies
  • 4c1a0dc Merge pull request #242 from d-line/master
  • f76cc42 Merge pull request #2 from d-line/node-bump
  • e51b7be fix: use 3 most recent LTS releases in worklow
  • 54ac781 Merge pull request #1 from d-line/tests-fix
  • 12f3cd2 fix: carefully handle when 'rdf:about' is not there. regenerate test mocks
  • e2e2f4d Merge pull request #203 from yuiseki/rdf-about
  • b8cff02 Merge pull request #209 from drublic/master
  • 697af31 Merge pull request #200 from KevinFerm/patch-1
  • 18dd399 Add field in item: episodeType on itunes data
  • ef4f4a2 fix typo
  • 67c3dbb add `rdf:about` field to item on `parseItemRss`
  • 2e0244a Update index.d.ts
  • 33a9a42 Merge pull request #195 from Booligoosh/patch-1
  • f50421d Merge pull request #196 from drublic/master
  • af6a5ad Fix breakting keywords and categories if there are attributes `text`

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Kombustor avatar Apr 25 '23 14:04 Kombustor