pump.io
pump.io copied to clipboard
[Snyk] Security upgrade activitystrea.ms from 2.1.3 to 3.1.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
![]() |
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-LODASH-6139239 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: activitystrea.ms
The new version differs by 10 commits.- 3189d9d 3.1.0
- fdb0292 3.0.0
- cf79342 chore: fix URL in package.json
- 2b17247 2.1.4
- 2e415b7 chore: npm audit fix
- 76d52a6 test: fix for language error
- 39b93ea Merge pull request #33 from Twipped/contrib
- 58cbd7b test: override default language so tests pass
- 29bcde1 Dependency bumps, add basic linting, fix a few bugs, rework signature test
- 861de4d Squashed commit.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons: