yunmai-data-extract icon indicating copy to clipboard operation
yunmai-data-extract copied to clipboard

Published 20 hours ago verified publisher icon conoro

[Snyk] Security upgrade snyk from 1.290.1 to 1.324.0

Open conoro opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-3023021		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk The new version differs by 207 commits.
  • b13e371 Merge pull request #1126 from snyk/chore/drop-git-url-parse
  • dd86bc9 feat: remove git-url-parse dependency
  • 2e7ae94 Merge pull request #1134 from snyk/fix/check-image-name
  • 48cbf4a fix: add check if image name undefined
  • 96b6f5a Merge pull request #1129 from snyk/fix/docker-ignore-project-name-oveerride
  • 9d4df01 fix: do not ignore project name override for container projects
  • 2f686a9 Merge pull request #1124 from snyk/fix/include_command_container_as_alias
  • 6bc0085 feat: include command "container" as alias for option "--docker"
  • 95369bd Merge pull request #1125 from snyk/feat/upstream-update-notifier
  • a34b8d5 feat: switch back to upstream configstore
  • eaac36c test: update-notifier fetches info
  • 366c687 feat: switch back to upstream update-notifier
  • 0eabdcf Merge pull request #1123 from snyk/feat/upgrade-nuget
  • ce6940d Merge pull request #1121 from snyk/fix/show-better-error-pip
  • c6c58ba feat: upgrade nuget-plugin, removing core-js
  • d437796 fix: suggest --skip-unresolved for python test
  • bb1c874 Merge pull request #1118 from snyk/fix/wrong-path-multi-project
  • 274618e fix: wrong path to display better test results
  • 6e7fb38 Merge pull request #1119 from snyk/fix/enable-mvn-logging
  • 5414755 fix: enable mvn plugin logging when running with -d
  • 505720d Merge pull request #1117 from snyk/chore/release-notes-review-fix
  • 649c770 chore: release notes preview fix.
  • 6e448ca Merge pull request #1114 from snyk/chore/run-tests-on-linux
  • 9b31d2b Merge pull request #1113 from snyk/fix/circle-to-run-npm-test

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

conoro avatar Sep 14 '22 17:09 conoro