pollmommy
[Snyk] Security upgrade random-http-useragent from 1.1.32 to 1.1.33
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| | 753/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: random-http-useragent
The new version differs by 30 commits.
- 5047d7d fix(deps): bump lodash from 4.17.20 to 4.17.21
- 8399704 chore(deps-dev): bump snyk from 1.456.0 to 1.457.0
- 22c9db6 chore(deps-dev): bump snyk from 1.455.0 to 1.456.0
- 5d3fca6 chore(deps-dev): bump eslint-plugin-jest from 24.1.4 to 24.1.5
- 572df6b chore(deps-dev): bump eslint-plugin-jest from 24.1.3 to 24.1.4
- 2f852ba chore(deps-dev): bump snyk from 1.454.0 to 1.455.0
- 82b2c8a chore(deps-dev): bump snyk from 1.452.0 to 1.454.0
- 39109b9 chore(deps-dev): bump semantic-release from 17.3.8 to 17.3.9
- 5ce4171 chore(deps-dev): bump snyk from 1.450.0 to 1.452.0
- 9cf76e2 chore(deps-dev): bump mocha from 8.2.1 to 8.3.0
- c1f721a chore(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1
- 4da9f1d chore(deps-dev): bump snyk from 1.448.0 to 1.450.0
- b28c2dc chore(deps-dev): bump snyk from 1.446.0 to 1.448.0
- 1207a28 chore(deps-dev): bump semantic-release from 17.3.7 to 17.3.8
- e6d1668 chore(deps-dev): bump snyk from 1.445.0 to 1.446.0
- 450b19f chore(deps-dev): bump snyk from 1.440.5 to 1.445.0
- 25ebcba chore(deps-dev): bump chai from 4.2.0 to 4.3.0
- 7cfe07b chore(deps-dev): bump snyk from 1.440.4 to 1.440.5
- 2268ef4 chore(deps-dev): bump snyk from 1.440.1 to 1.440.4
- e96941e chore(deps-dev): bump snyk from 1.439.3 to 1.440.1
- 632f0c1 chore(deps-dev): bump snyk from 1.439.1 to 1.439.3
- 0b23020 chore(deps-dev): bump snyk from 1.439.0 to 1.439.1
- 2a5e0b4 chore(deps-dev): bump semantic-release from 17.3.6 to 17.3.7
- 73c63b9 chore(deps-dev): bump snyk from 1.438.0 to 1.439.0
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report