Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #527

Merged
merged 1 commit into from
Feb 18, 2020
Merged

[Snyk] Fix for 1 vulnerabilities #527

merged 1 commit into from
Feb 18, 2020

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Feb 1, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-DOTPROP-543489		 No Proof of Concept
Commit messages
Package name: snyk The new version differs by 58 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@codecov
Copy link

codecov bot commented Feb 1, 2020
edited
Loading

Codecov Report

Merging #527 into master will not change coverage by %.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master     #527   +/-   ##
=========================================
  Coverage     56.07%   56.07%           
  Complexity      263      263           
=========================================
  Files            17       17           
  Lines           922      922           
=========================================
  Hits            517      517           
  Misses          405      405

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aaa713b...4bf3bad. Read the comment docs.

@mmattel
Copy link
Contributor

mmattel commented Feb 18, 2020

@micbar @phil-davis wouldn't it be good to fix a vulnerable package before 10.4 gets out?

@phil-davis phil-davis removed their request for review February 18, 2020 12:58
@phil-davis
Copy link
Contributor

@micbar I have no idea about assessing npm stuff. I will let you review this or request the appropriate person.

@mmattel
Copy link
Contributor

mmattel commented Feb 18, 2020

Pls also see #523

@micbar
Copy link
Contributor

micbar commented Feb 18, 2020

@IljaN Please review

IljaN
IljaN approved these changes Feb 18, 2020
View reviewed changes
Copy link
Member

@IljaN IljaN left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 💃

@mmattel
Copy link
Contributor

mmattel commented Feb 18, 2020

In case of merging, is there a changelog entry necessary?

@phil-davis phil-davis self-assigned this Feb 18, 2020
@phil-davis phil-davis force-pushed the snyk-fix-96e41cc6cf6f63fe3378844ccf838aac branch from 4565f42 to ee5329b Compare February 18, 2020 14:54
@phil-davis phil-davis force-pushed the snyk-fix-96e41cc6cf6f63fe3378844ccf838aac branch from ee5329b to 4bf3bad Compare February 18, 2020 15:02
@phil-davis phil-davis merged commit 892c76c into master Feb 18, 2020
@delete-merged-branch delete-merged-branch bot deleted the snyk-fix-96e41cc6cf6f63fe3378844ccf838aac branch February 18, 2020 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IljaN IljaN IljaN approved these changes

@micbar micbar Awaiting requested review from micbar

Assignees

@phil-davis phil-davis

Labels
4 - To release dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@snyk-bot @mmattel @phil-davis @micbar @IljaN