node-nicovideo-api icon indicating copy to clipboard operation
node-nicovideo-api copied to clipboard
verified publisher icon hanakla

[Snyk] Security upgrade cheerio from 0.19.0 to 0.20.0

Open hanakla opened this issue 3 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-CSSWHAT-3035488		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: cheerio The new version differs by 56 commits.
  • c3ec1cd Release 0.20.0
  • ef848ca Add coveralls badge, remove link to old report
  • dbcbe90 Merge pull request #808 from leifhanack/lodash4
  • c04ead1 Merge pull request #668 from rwaldin/prop-method
  • b5531bb Merge pull request #671 from twolfson/dev/fallback.select.content.sqwished
  • 9d98bd7 Merge pull request #704 from Rycochet/master
  • 1b9c5c9 Merge pull request #797 from Delgan/641-appendTo_prependTo
  • b12cbe8 Update lodash dependeny to 4.1.0
  • 8c9b2e0 Merge pull request #796 from Delgan/fix_780
  • b09db31 Fix PR #726 adding 'appendTo()' and 'prependTo()'
  • ce8829d Added appendTo and prependTo with tests #641
  • 4779762 Fix #780 by changing options context in '.find()'
  • 8dc1cc9 Add an unit test checking the query of child
  • b27bed6 fix #667: attr({foo: null}) removes attribute foo, like attr('foo', null)
  • 70c5608 Include reference to dedicated "Loading" section
  • fa70a84 Added load method to $
  • 4e8483a update css-select to 1.2.0
  • 5f2777a Merge pull request #732 from jugglinmike/reinstate-toarray
  • 106e42a Merge pull request #776 from dYale/master
  • 97149d3 Fixing Grammatical Error
  • a1367ee Merge pull request #739 from TrySound/npm-files
  • 6c73b7a Merge pull request #773 from JaKXz/patch-1
  • 48bb22d Test against node v0.12 --> v4.2
  • ec2414d Correct output in example

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

hanakla avatar Oct 04 '22 11:10 hanakla