pg-generator icon indicating copy to clipboard operation
pg-generator copied to clipboard

Published 20 hours ago verified publisher icon ozum

[Snyk] Security upgrade nunjucks from 3.2.0 to 3.2.3

Open ozum opened this issue 9 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 No No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nunjucks The new version differs by 34 commits.
  • fd50090 Release v3.2.3
  • d34fdbf Temporarily comment out codecov action
  • cefad41 Replace README.md travis badge with github actions
  • 7601ff4 Fixup github actions workflow file
  • de9dc67 Add GitHub Workflow for tests. fixes #1333
  • aa9e5b9 Fix prototype pollution security issue. fixes #1331
  • f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (#1329)
  • f91f1c3 Fix `groupby` example formatting
  • 7ef121c Add base and default args to int filter
  • 0c02062 Use attribute getter for `sort` filter
  • c7337e7 Release v3.2.2
  • bea3a43 CHANGELOG: Fix issue link
  • 8186d4f Don't append extra newline when using |indent filter
  • 73a4eb3 Document `with context` behavior for `import` directive (fr)
  • eea081c Document `with context` behavior for `import` directive
  • bbcbaf3 Fix issue where sync render would not raise errors in included templates
  • 63c4baf Remove development files from NPM package. Fixes #984
  • 85918ef Document `if` statement with multiple conditions (fr). refs #1284
  • 7ddd747 Document `if` statement with multiple conditions
  • 1e29863 Add support for nested attributes in `groupBy` filter. Fixes #1198
  • 7087fa9 Fix precompile bin TypeError: name.replace is not a function
  • 1736334 Modify CHANGELOG message for select/reject filters
  • 62565a1 Add `reject` filter
  • 647fc11 Change version query

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

ozum avatar May 14 '24 05:05 ozum