jscoverage icon indicating copy to clipboard operation
jscoverage copied to clipboard

Published 20 hours ago verified publisher icon fishbar

[Snyk] Security upgrade uglify-js from 2.4.15 to 2.8.6

Open snyk-bot opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-ASYNC-2441827		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: uglify-js The new version differs by 250 commits.
  • 33b5f31 v2.8.6
  • 35a849d collapse assignment with adjacent subsequent usage (#1553)
  • b70591b handle variable declaration within catch blocks (#1546)
  • b33e7f8 improve `unsafe` on undefined (#1548)
  • 1f0333e stay safe with constants in IE8- (#1547)
  • eb98a7f fix handling of shebang and preamble (#1545)
  • 78d1bb9 fix a corner case in #1530 (#1552)
  • ea9ab9f resolve issue with outdated version of async (#1549)
  • ce54c9c disallow collapse_vars constant replacement in for-in statements (#1543)
  • 07accd2 process code with implicit return statement (#1522)
  • 18059cc compress numerical expressions (#1513)
  • b5e0e8c facilitate fix for #1531 (#1542)
  • e5cb927 v2.8.5
  • 17b8135 fix chained assignment with `unused` (#1540)
  • 4d63d4f collapse_vars should not replace constant in for-in init section (#1538)
  • 70d72ad properly cover all cases of for-in loop variables (#1536)
  • fe9227a fix reference marking in for-in loops (#1535)
  • b49e142 disable do{...}while(false) optimisation (#1534)
  • ee3b39b optimize trivial IIFEs returning constants (#1530)
  • 9699ffb trim unused invocation parameters (#1526)
  • fdc9b94 minor improvement to string optimisation (#1514)
  • 40ceddb v2.8.4
  • 7aa6911 fix corner cases in `reduce_vars` (#1524)
  • bff7ad6 v2.8.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

snyk-bot avatar Apr 07 '22 16:04 snyk-bot