vue-oop

[Snyk] Security upgrade danger from 11.2.1 to 11.3.0

Open matrunchyk opened this issue 5 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: medium severity
  • Priority Score (*): 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3)
  • Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-HTTPCACHESEMANTICS-3248783
  • Breaking Change: No
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: danger
The new version differs by 106 commits.
  • fdc1c49 Release 11.3.0
  • 01dae20 CHANGELOG
  • a80719a Merge pull request #1406 from buffcode/gitbeaker-v35
  • 7113be5 Fixes for DTS and flow types, replaced rest of GitLabDSL types
  • a440525 CI: Use --esModuleInterop
  • ea7e389 Update DTS
  • 7018c2e Update Changelog
  • 9dcb060 Update to @gitbeaker/node 35.8.1, fix types & tests
  • 031f01d issue-1301: use types
  • 029fb4f Merge pull request #1401 from david-allan-jones/replace_deprecated_substr
  • 7fac525 Replace deprecated substr with substring in github issue template
  • eb1d4f9 Merge pull request #1398 from shitamori1272/fix/bitbucketcloud-accesstoken
  • 55cc4c5 Allow REPO_ACCESS_TOKEN type to use env uuid value
  • 83c90c5 fix: use DANGER_BITBUCKETCLOUD_REPO_ACCESSTOKEN
  • 1616f7b Update publish_package.yml to include package write
  • fd3c959 Release 11.2.8
  • e07fe05 Release
  • 8bba64f Merge pull request #1395 from glensc/1381-fix
  • 26387bc Merge pull request #1396 from glensc/patch-1
  • c561731 Merge pull request #1392 from glensc/log-details
  • b0e5f37 Merge pull request #1393 from glensc/bump-node-ci-16
  • 98c0a69 FIx: use proper branch name in publish_package workflow
  • 8c2847e Add changelog for #1395
  • 5cfc871 Add dangerID to gitlab createComment api


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


matrunchyk, Feb 02 '24 20:02