sabik icon indicating copy to clipboard operation
sabik copied to clipboard
verified publisher icon ytetsuro

[Snyk] Security upgrade mithril from 2.2.2 to 2.2.3

Open ytetsuro opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mithril The new version differs by 22 commits.
  • e0996bd Fix docs linting issues
  • c1fc1de Bypass css text (#2811)
  • 645cf66 Bump terser from 4.3.4 to 4.8.1
  • da76ed9 Bundler can't parse multiple exports per module
  • 28d35b4 Update auto-merge.yml
  • ac0ff86 Bump shell-quote from 1.7.2 to 1.7.3
  • 93896fa Bump minimist from 1.2.5 to 1.2.6
  • 8cb7988 Add tests for the hooks for a delayed removal in a fragment, address other review concerns
  • 9af9ea6 Simplify domFor logic
  • 62b6308 camelCase file references dom-for -> domFor
  • 6655780 Address review comments, linter and build concerns
  • 3fd82e6 implement m.domFor() and use it internally to move and remove nodes. Fix #2780
  • 27fb1ea tweak the CI actions names
  • c0a9c21 Actually remove ospec from the main code base (#2786)
  • ea680dc Add back CI (#2785)
  • da1454b Add missing prerelease branch target.
  • a459a81 inline obsolete factory
  • 716d1e1 Kick jsonp - fixes #2682
  • efdb563 Remove a stale comment
  • e9a365c Kick promise polyfill
  • 517661a allow trailing slash for routes - fixes #2763
  • 8c149d3 Release Artifacts for v2.2.2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

ytetsuro avatar Nov 30 '23 14:11 ytetsuro