MMM-ShipmentTracking icon indicating copy to clipboard operation
MMM-ShipmentTracking copied to clipboard

Published 20 hours ago verified publisher icon fewieden

[Snyk] Security upgrade jsdom from 9.12.0 to 16.6.0

Open fewieden opened this issue 7 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
npm:content-type-parser:20170905		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jsdom The new version differs by 250 commits.
  • 74a8d1e Version 16.6.0
  • f51f2ec Remove the dependency on request
  • 2b6d5ae Update dependencies
  • b72b33b Disable now-crashing canvas test
  • 39b7972 Handle null and undefined thrown as exceptions
  • 04f6c13 Add ParentNode.replaceChildren() (#3176)
  • e4c4004 Version 16.5.3
  • 2f41466 Fix MutationObserver infinite loop bugs (#3173)
  • b232f2a Run partially-failing WPTs in the custom-elements directory
  • 35e103e Run partially-failing WPTs in the cors directory
  • 77b660a Run partially-failing WPTs in the FileAPI directory
  • d8a245f Use `InnerHTML` mixin for `innerHTML` definition (#2981)
  • bd50bbe Version 16.5.2
  • d5cfd69 Fix event handler ObjectEnvironment instantiation
  • 93e3d4a Remove vestigial concurrentNodeIterators option-passing
  • c92f9c1 Check all associated elements for form validity
  • 2202703 Fix failing WPTs calculation
  • 21c7671 Upgrade dependencies
  • c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
  • a13d854 Use WeakRefs for NodeIterator tracking when supported
  • fdf97d8 Fix radio/checkbox to not fire events when disconnected
  • 761d8cc Refactor <output>
  • b36d418 Make customElements.whenDefined() resolve with the constructor
  • c5d13bb Remove a variety of redundant to-port tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF) 🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS)

fewieden avatar Dec 03 '23 14:12 fewieden