lattice
lattice copied to clipboard
Published
20 hours ago •
latticejs
latticejs
[Snyk] Security upgrade file-loader from 4.3.0 to 6.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/lattice-ssr/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4 |
Prototype Pollution SNYK-JS-JSON5-3182856 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: file-loader
The new version differs by 15 commits.- e44eb73 chore(release): 6.0.0
- ad39022 chore(deps): update (#369)
- e1fe27c docs: update README.md (#368)
- c2aded7 chore(release): 5.1.0
- cd8698b feat: support the `query` template for the `name` option (#366)
- 5703c58 chore(deps): update (#365)
- 521bff2 chore: remove duplicate prettier config file (#357)
- 5ffac2e refactor: added description on esModule (#358)
- 190829e docs: fix the description of the `esModule` option (#348)
- f1b071c chore(release): 5.0.2
- 6431101 chore: add the `funding` field in `package.json` (#347)
- 90302cd chore(release): 5.0.1
- 31d6589 fix: name of `esModule` option in source code (#346)
- 2a18cba chore(release): 5.0.0
- 98a6c1d refactor: next (#345)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
