extension
extension copied to clipboard
Published
20 hours ago •
get-set-fetch
get-set-fetch
[Snyk] Fix for 2 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 |
Denial of Service (DoS) SNYK-JS-JSZIP-1251497 |
No | No Known Exploit |
|
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 |
Open Redirect SNYK-JS-URLPARSE-1533425 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jszip
The new version differs by 18 commits.- e5b3f0d 3.7.0
- e88ba4b Update for version 3.7.0
- 9046487 Disable proto assert that fails in browsers
- 6d029b4 Merge pull request #766 from MichaelAquilina/fix/files-null-prototype
- bb38812 Ensure prototype isn't modified by zip file
- d024c22 test: Add test case for loading zip filenames which shadow method names
- 2235749 fix: Use a null prototype object for this.files
- b7f472d Merge pull request #757: Update license to be valid spdx identifier
- a311039 update license to be valid spdx identifier
- 112fcdb 3.6.0
- 7c75dff Update changelog and build for 3.6.0
- 10035ad Update contributing
- dcc6ff9 Merge pull request #742 from jahed/fix/webpack-5-async-failure
- f4700f9 fix(browser): redirect main to dist on browsers
- 3db5fdc Merge pull request #734 from JayFate/master
- e534454 fix: duplicate require
- 25d401e Merge pull request #703 from vdoubleu/patch-1
- 9f13168 fix small error in read_zip.md
Package name: url-parse
The new version differs by 25 commits.- 201034b [dist] 1.5.2
- 2d9ac2c [fix] Sanitize only special URLs (#209)
- fb128af [fix] Use `'null'` as `origin` for non special URLs
- fed6d9e [fix] Add a leading slash only if the URL is special
- 94872e7 [fix] Do not incorrectly set the `slashes` property to `true`
- 81ab967 [fix] Ignore slashes after the protocol for special URLs
- ee22050 [ci] Use GitHub Actions
- d2979b5 [fix] Special case the `file:` protocol (#204)
- 9f43f43 [pkg] Update browserify to version 17.0.0
- af84da0 [test] Fix multiple mixed slashes test
- eb6d9f5 [dist] 1.5.1
- 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201)
- 3ac7774 [test] Make test consistent for browser testing
- 267a0c6 [dist] 1.5.0
- d1e7e88 [security] More backslash fixes (#197)
- d99bf4c [ignore] Remove npm-debug.log from .gitignore
- 422c8b5 [pkg] Replace nyc with c8
- 933809d [pkg] Move coveralls to dev dependencies
- 190b216 [pkg] Add .npmrc
- ce3783f [test] Do not test on all available versions of Edge and Safari
- 77c1184 [pkg] Update mocha to version 8.0.1
- 673c3a7 [travis] Test on node 14
- 08fd2cc [pkg] Update mocha to version 7.0.1 (#189)
- 3ce7824 [pkg] Update nyc to version 15.0.0 (#188)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
