nativescript-fabric icon indicating copy to clipboard operation
nativescript-fabric copied to clipboard

Published 20 hours ago verified publisher icon hypery2k

[Snyk] Fix for 1 vulnerabilities

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • src/package.json
    • src/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 743/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7		 Prototype Pollution
SNYK-JS-PLIST-2405644		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: simple-plist The new version differs by 25 commits.
  • a611fe7 1.0.0
  • d683fed Merge branch 'develop'
  • 01b17ac Merge branch 'feature/es6-migration' into develop
  • 7bc2d02 Converted all files from coffeescript to javascript.
  • aef4de4 Prepping for conversion to vanilla javascript.
  • 39be19a Merge branch 'master' into develop
  • 358d445 Merge branch 'brodybits-minor-release-updates'
  • 613fb8f Upgraded additional packages.
  • 3f7c63e Resolved conflicts in package.json
  • 4a4d371 Updated yarn.lock
  • d0f8acf Merge branch 'brodybits-dev-and-build-updates'
  • cc74d05 package.json use coffeescript@2
  • bc61679 package.json use plist@3
  • 7217e11 package.json update devDependencies
  • cc15929 .travis.yml updates
  • 7aa5364 .gitignore add package-lock.json
  • 28ea7e9 Added a seperate build script.
  • d3bf8a8 0.3.0
  • f2d34f7 Merge pull request #15 from r-murphy/patch-1
  • 9830ab3 Empty string test for fix https://github.com/wollardj/node-simple-plist/issues/13
  • 643564b update plist to 2.1.0
  • 2f5becf Merge tag '0.2.1' into develop
  • 7ee0725 Merge branch 'release/0.2.1'
  • bae35ce Added TravisCI build badge to README.md for master

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Feb 18 '22 16:02 snyk-bot