[Snyk] Security upgrade dustjs-linkedin from 2.7.5 to 3.0.1 #16

Open: wants to merge 1 commit into base: master

TimothyGu
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 751/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.6) | Prototype Pollution, SNYK-JS-DUSTJSLINKEDIN-1089257 | Yes | Proof of Concept |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: dustjs-linkedin

The new version differs by 36 commits.
  • 5cd5529 Release v3.0.1
  • 0d72e0b Merge pull request #808 from sumeetkakkar/topic/update-deps
  • b2aaa47 Merge branch 'master' into topic/update-deps
  • bd397ea Update tests.yaml: add --legacy-peer-deps to support npm 8 restrictions
  • 115f78c dependency update: chokidar
  • d951a90 Update tests.yml
  • ea9ae70 Create tests.yml
  • 2e8795c Release v3.0.0
  • 6f98371 merge from 2.7
  • db6d8b9 Merge pull request #805 from sumeetkakkar/fix/proto-pollution
  • ddb6523 fix for prototype pollution vulnerability
  • e0e25f7 Merge pull request #756 from danactive/master
  • eeb1c17 Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
  • d485a72 {?exists} and {^exists} resolve Promises and check if the result exists (#753)
  • 43c0831 place location provided by peg 0.9 onto the AST
  • 07b73b3 Merge pull request #744 from sethkinast/is-context
  • ae69314 Don't use instanceof to determine if a Context is a Context
  • dc1e1dc Merge pull request #736 from brianmhunt/master
  • 6f6c49f Prioritize .then on thenable functions (#735)
  • 487da8d Merge pull request #734 from sethkinast/master
  • a671ebd Bump deps
  • 7bc3b77 Update streaming-incremental example to work with newer q
  • 3fc12ef Merge pull request #703 from sethkinast/peg-0.9
  • c1d9e21 Merge pull request #705 from sethkinast/context-templatename

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
