MEANcore
[Snyk] Fix for 4 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
---|---|---|---|---
 | 644/1000 Why? Has a fix available, CVSS 8.6 | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | No | No Known Exploit
 | 479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit
 | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept
 | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning SNYK-JS-QS-3153490 | No | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: puppeteer
The new version differs by 250 commits.
- 377cd83 chore: release main (#11081)
- 11f7c69 test: update Firefox BiDi expectations (#11082)
- 0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (#11077)
- 163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (#11063)
- 67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (#11075)
- 54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (#11064)
- c5083bb docs: update link to `third_party/README.md` (#11068)
- a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
- 28c1c26 test: crash mocha if unhandled errors occur (#11055)
- c5f2d28 test: move queryObjects to a CDP only tests (#11050)
- 88681a8 test: Remove invalid drag and drop test (#11054)
- eedbb13 chore: release main (#11051)
- b0d7375 fix: remove the flag disabling bfcache (#11047)
- 30bd030 chore: use yargs for mocha runner (#11045)
- 03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (#11043)
- 897fb64 chore(deps): Bump @swc/core from 1.3.86 to 1.3.90 (#11042)
- f59537e ci: add sharding for chrome (#11038)
- bd6c246 chore: add @typescript-eslint/no-import-type-side-effects (#11040)
- e853e63 refactor: use common debugError (#11039)
- 48f9382 test: synchronize bidi expectations changes for Bug 1756595 (#11005)
- aa16ab1 chore: use RxJS for wait for Navigation (#11024)
- c502ca8 chore: release main (#11025)
- e0e7e3a test: move cdp only tests to a subfolder (#11033)
- 8993def ci: disable failing doctest (#11035)
Package name: universal-analytics
The new version differs by 13 commits.
- 4736a56 Version 0.5
- 6444683 Merge branch 'lekoaf-feat/inline-request'
- eef566e Merge branch 'feat/inline-request' of https://github.com/lekoaf/universal-analytics into lekoaf-feat/inline-request
- 286a398 Merge pull request #134 from adityapatadia/patch-1
- d086cea Merge pull request #138 from mantacode/master
- 1229f36 Merge pull request #154 from johndpope/patch-1
- f4ffe5c Merge pull request #165 from AhmadIbrahiim/patch-1
- 980a576 Update README.md
- 3f24484 Update README.md
- 8d14502 feat: Use own version of request library
- 216b205 Better naming and updated docs
- 4ae354e Add option to change the name of the visitor instance on request object from the default "req.visitor"
- 54acd95 added nodejs 10 and 12 in travis tests
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
- 🦉 Prototype Pollution
- 🦉 Regular Expression Denial of Service (ReDoS)