Skip to content
This repository was archived by the owner on Jul 22, 2024. It is now read-only.

[Snyk] Security upgrade serverless-webpack from 5.11.0 to 5.14.0 #14

Open
Valerionn wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade serverless-webpack from 5.11.0 to 5.14.0 #14

Valerionn wants to merge 1 commit into from

Conversation

@Valerionn
Copy link
Member

@Valerionn Valerionn commented May 18, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: serverless-webpack The new version differs by 250 commits.
  • 47d7964 Merge pull request #1796 from serverless-heaven/release/5.14.0
  • 48fae46 Prepare 5.14.0
  • b61632e Merge pull request #1795 from serverless-heaven/fix/node-22
  • 65112d7 Test on Node 22
  • fef7cb8 Merge pull request #1794 from serverless-heaven/fix/drop-node-14
  • 1762655 Merge pull request #1793 from serverless-heaven/fix/spawn-einval-node-windows-error
  • ce06006 Fix coverallsapp actions
  • 09c2e75 Drop Node 14
  • 6712aea Fix `spawn EINVAL` on Windows when using Node > 20.12.2
  • 3ef76c2 Merge pull request #1792 from serverless-heaven/fix/update-ga
  • 877ecdf Update GitHub Actions
  • 98cfb7e Merge pull request #1790 from serverless-heaven/dependabot/npm_and_yarn/sinon-18.0.0
  • f630314 chore(deps-dev): bump sinon from 17.0.2 to 18.0.0
  • 34a5dbc Merge pull request #1789 from serverless-heaven/dependabot/npm_and_yarn/types/node-20.12.12
  • 75ef83e chore(deps-dev): bump @ types/node from 20.12.11 to 20.12.12
  • 32c4b98 Merge pull request #1788 from serverless-heaven/dependabot/npm_and_yarn/unzipper-0.11.6
  • 9846189 chore(deps-dev): bump unzipper from 0.11.5 to 0.11.6
  • 1a5306c Merge pull request #1787 from serverless-heaven/dependabot/npm_and_yarn/semver-7.6.2
  • 3072302 chore(deps): bump semver from 7.6.1 to 7.6.2
  • 10f0f4b Merge pull request #1786 from serverless-heaven/dependabot/npm_and_yarn/types/node-20.12.11
  • 2227efa chore(deps-dev): bump @ types/node from 20.12.10 to 20.12.11
  • 0356a5f Merge pull request #1785 from serverless-heaven/dependabot/npm_and_yarn/semver-7.6.1
  • 6c1c84f chore(deps): bump semver from 7.6.0 to 7.6.1
  • 7eb34f3 Merge pull request #1784 from serverless-heaven/dependabot/npm_and_yarn/sinon-17.0.2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Valerionn @snyk-bot