Skip to content
This repository was archived by the owner on Sep 6, 2025. It is now read-only.

[Snyk] Fix for 2 vulnerabilities #24

Open
WarnerBrosDev wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #24

WarnerBrosDev wants to merge 1 commit into from

Conversation

@WarnerBrosDev
Copy link

@WarnerBrosDev WarnerBrosDev commented Feb 23, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • example/logo-resize/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 Yes Proof of Concept
high severity 753/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: babel-eslint The new version differs by 43 commits.
  • 0f20099 5.0.0
  • 278579f Update README.md
  • 11c2f03 Merge pull request #255 from deepsweet/npm-ignore
  • 3b5f8f4 include only `index.js` in npm package
  • c0f1110 delete `.npmignore`
  • f399c89 Merge pull request #250 from danez/patch-1
  • c71392e adjust test to also cover issue #239
  • 413b80e 5.0.0-beta10
  • 7a038d5 Merge pull request #246 from babel/escope-patterns
  • c80a386 fixup tests
  • 36f6638 fix typo
  • bd4eee9 check using `__esModule`
  • b26bc58 Prevent escope referencer from traversing into param pattern type annotations
  • 0d30882 5.0.0-beta9
  • 71fadf0 Merge pull request #244 from christophehurpeau/patch-1
  • d8ac8f9 fix #243
  • 3dcb32c 5.0.0-beta8
  • ac4d3f0 Add a test for use strict and directive ast change
  • 937eceb 5.0.0-beta7
  • 880dc03 Merge pull request #241 from jmm/rule-strict
  • 80f7a48 temporarily remove test
  • 04838a2 Add tests for `strict` rule.
  • 4a3a35d Merge pull request #232 from vaibhavmule/patch-1
  • 0cf92d3 update Licenses date

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WarnerBrosDev @snyk-bot