dynamico icon indicating copy to clipboard operation
dynamico copied to clipboard

Published 20 hours ago verified publisher icon OS-Guild

[Snyk] Security upgrade rollup-plugin-typescript2 from 0.20.1 to 0.27.0

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • client/cli/package.json
    • client/cli/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 691/1000
Why? Recently disclosed, Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-CACHEBASE-1054631		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: rollup-plugin-typescript2 The new version differs by 75 commits.
  • 69502e1 - updating dependencies
  • 034abe0 - updating dependencies
  • fd824de Merge branch 'NotWoods-import-pluginutils'
  • cde185a - rebuild
  • c6c733f Use imports with @ rollup/pluginutils
  • 67748cc - fix for plugin option type
  • b7c7389 - exporting IOptions type
  • 0caa1c4 (docs): async plugins are now supported out-of-the-box (#205)
  • e957a89 - fix for indent
  • ac82124 - package version
  • df241da - undoing debug code
  • cd76b42 - warning message for objectHashIgnoreUnknownHack option
  • 417c8e5 - package version
  • c88688c - updating dependencies
  • 7fd52b7 - updating readme
  • 6c4e53e Merge branch 'agilgur5-object-hash-update'
  • 3d3e4eb - npm install and build
  • 9afc8df (fix): upgrade object-hash to support async/await syntax
  • 9c265b3 (deps): auto-update outdated package-lock.json
  • 947da25 Fix syntax error in transformer example (#195)
  • 531f5f0 - package version
  • 23f63b4 - build
  • 4217346 feat: support options.cwd (#197)
  • d6359af Update README.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Dec 29 '20 00:12 snyk-bot