json-api icon indicating copy to clipboard operation
json-api copied to clipboard

Published 20 hours ago β€’ verified publisher icon ethanresnick

[Snyk] Security upgrade flat from 1.6.1 to 5.0.2

Open snyk-bot opened this issue 4 years ago β€’ 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-FLAT-596927		 Yes No Known Exploit
Commit messages
Package name: flat The new version differs by 41 commits.
  • e5ffd66 Release 5.0.2
  • fdb79d5 Update dependencies, refresh lockfile, format with standard.
  • e52185d Test against node 14 in CI.
  • 0189cb1 Avoid arrow function syntax.
  • f25d3a1 Release 5.0.1
  • 54cc7ad use standard formatting
  • 779816e drop dependencies
  • 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
  • a61a554 Bump acorn from 7.1.0 to 7.4.0
  • 20ef0ef Fix prototype pollution on unflatten
  • e8fb281 Test prototype pollution on unflatten
  • 6e95c43 Add node 10 & 12 to travis config.
  • 38239cc Release 5.0.0
  • beaea9d Add tests around cli. Only show usage if on TTY & no argument, allow eaccess error if file not readable.
  • 533ac93 Convert var to const across source.
  • fdfd095 Exit 1 on usage if specified a file.
  • 369b206 Exit 1 on usage.
  • f9f0788 Stop cli processing on error.
  • a3909c5 Fix lint issues, use non-deprecated strictEqual/deepStrictEqual in tests.
  • 74f83ab Update dependencies.
  • 2ac1b4d Fix losing order of keys after unflatten an object
  • 3b3cd0a Fix issue in `overwrite` example code
  • 2b99901 feat: (flatten, unflatten) Add the transformKey opt.
  • 32432dd Release 4.1.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

snyk-bot avatar Aug 10 '20 23:08 snyk-bot

Codecov Report

Merging #209 into master will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #209   +/-   ##
=======================================
  Coverage   91.11%   91.11%           
=======================================
  Files          58       58           
  Lines        2250     2250           
  Branches      500      500           
=======================================
  Hits         2050     2050           
  Misses        200      200

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 745d36d...67954b4. Read the comment docs.

codecov[bot] avatar Aug 10 '20 23:08 codecov[bot]