nodeclub icon indicating copy to clipboard operation
nodeclub copied to clipboard

Published 20 hours ago verified publisher icon cnodejs

[Snyk] Security upgrade xss from 0.2.10 to 1.0.10

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-XSS-1584355		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: xss The new version differs by 173 commits.
  • 380a4ba publish: v1.0.10
  • 699acde fix: #239 stripCommentTag DoS attack
  • 9cbe2f1 Create SECURITY.md
  • bdd1b03 chore: fix nodejs.yml remove node-version 8.x
  • 3be6a07 chore: update devDependencies to latest version
  • 948dfb1 docs: update CI badge
  • 831a6a2 chore: github action nodejs.yml run test-cov instead of test
  • 0ba3cdb chore: remove .travis.yml
  • cdee88e chore: fix github action nodejs.yml
  • 624aba9 chore: add github action nodejs.yml
  • 901b771 style: reformat all source code by prettier
  • 0b15109 docs: update changelog
  • 3e153f5 fix: typings `onTag` options
  • 82cb63f docs: update changelog
  • a1d9b44 fix: typings IWhiteList allow any tag name
  • 005098b feat: Add `<strike>` to default whitelist
  • dcf1486 feat: Add `<audio crossorigin muted>`, `<video crossorigin muted playsinline poster>` to default whitelist
  • f4c0b29 Merge pull request #220 from daraz999/patch-1
  • 2f5dd55 fix: recover `<summary>` on the default whitelist
  • d94ac2a publish: v1.0.9
  • 4452638 chore: add package-lock.json to .ignore
  • cff16d9 chore: build dist
  • 730a0b5 Merge pull request #218 from TomAnthony/fix-whitespace-bypass
  • 6586f49 Merge pull request #216 from spacegaier/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Oct 23 '21 06:10 snyk-bot