nlf icon indicating copy to clipboard operation
nlf copied to clipboard

Published 20 hours ago verified publisher icon iandotkelly

[Snyk] Security upgrade snyk-resolve-deps from 4.0.2 to 4.8.0

Open iandotkelly opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASHSET-1320032		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk-resolve-deps The new version differs by 64 commits.
  • d482758 feat: move ci/cd to circle (#91)
  • 0acd7a9 fix: use node 20 when using gh actions for release (#90)
  • 4509737 fix: use node 18 when using gh actions for release (#89)
  • 94edfa6 feat: generate ts type information (#88)
  • e2f49e8 Fix/update lodash (#78)
  • a75337a chore: asset classification (#87)
  • 828264a feat: add secrets scanning (#84)
  • 56d75ea Update pr-housekeeping.yml
  • 4d0a3e5 Merge pull request #81 from snyk/dotkas/pr-housekeeping
  • 04a7c16 PR Housekeeping
  • e6db51d Merge pull request #80 from snyk/chore/update-codeowners-to-os-managed
  • d37167a chore: update codeowners to os-managed
  • e7c27d8 Merge pull request #76 from snyk/fix/update-try-require
  • a2d327a Merge pull request #77 from snyk/chore/github-actions
  • 21b92ab test: fix broken tests for npm@7
  • dd1a0b0 chore: migrate package from Travis CI to GitHub Actions
  • 9bd1a49 fix: update snyk-try-require dependency
  • ebc554a Merge pull request #75 from snyk/chore/update-co
  • a8dfe97 chore: update co file
  • ebae915 Merge pull request #73 from snyk/fix/use-prepare-rather-than-postinstall-for-test-bundle
  • fefa4e8 fix: move postinstall command to prepare
  • 1e559dd Merge pull request #72 from snyk/chore/jestify-resolve-deps
  • 42da5ba chore: jestify resolve-deps
  • fc18cf8 Merge pull request #71 from snyk/chore/upgrade-tap

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

iandotkelly avatar Feb 07 '24 18:02 iandotkelly