qrl-wallet [Snyk] Security upgrade mathjs from 4.0.1 to 7.5.1

[Snyk] Security upgrade mathjs from 4.0.1 to 7.5.1

Open snyk-bot opened this issue 3 years ago • 0 comments

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	436/1000 Why? Recently disclosed, CVSS 7.3	Prototype Pollution SNYK-JS-MATHJS-1016401	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mathjs

The new version differs by 250 commits.

2594c69 Publish v7.5.1
ecb8051 Fix object pollution vulnerability in `math.config`
a2858e2 Publish v7.5.0
a72deb3 Update history
c5ab722 Merge branch 'pickrandom-allow-any-array)' of https://github.com/KonradLinkowski/mathjs into develop
7575156 Publish v7.4.0
642db06 Update history
439ec41 Feat/rotate matrix (#1984)
7854a9b Update history
a5cbb6a pickRandom - flatten the array
ca05c25 Allow any array in pickRandom function
bc4d94b Update history and authors list
becab40 sqrtm - throw an error for matrices with dimension greater than two (#1977)
f3c4a90 Update history
9f06dad floor and cell with precision (#1967)
76f6085 Publish v7.3.0
73c66b9 Update devDependencies
f2d7a1b Update history and authors list
1d0ce02 Merge remote-tracking branch 'origin/develop' into develop
f5d843b Binary, octal, and hexadecimal literals and formatting (#1968)
d82fc39 Simplify require url in math_worker example
91fa8ea Fix require url in math_worker example
18996cb Update devDependencies
93ac70a Update history and authors list

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Oct 14 '20 08:10 snyk-bot