Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade excel4node from 1.4.0 to 1.8.0 #1927

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Denial of Service (DoS)
SNYK-JS-JSZIP-1251497
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: excel4node The new version differs by 120 commits.
  • e3596be Add v1.8.0 to changelog
  • ee31038 Merge pull request Fix color, fonts, implment list view widget #24 from advisr-io/upgrade-xmldom
  • b111cbc Merge remote-tracking branch 'origin/master' into upgrade-xmldom
  • da8e38e Updating package-lock with reverted package name and increased node version
  • 9003c32 Updating xmldom to point to new artifact @ xmldom/xmldom
  • d562d7a Reverting package name and setting minimum node version to 14
  • 7b06164 Merge pull request People page #7 from advisr-io/dependency-updates
  • 852fd8f Merge remote-tracking branch 'origin/master' into dependency-updates
  • 4fdf180 Merge pull request Add menu #21 from advisr-io/picture-rid-undefined-fix
  • a6de9cb Merge branch 'master' into picture-rid-undefined-fix
  • 38cc994 Merge pull request Design fixes #22 from advisr-io/add-test-github-action
  • 81048ea Adding github action to build and test branches and PRs
  • 4b46ccd Updating npm prepublish to prepublishOnly
  • ff0182b Checking in package-lock.json to enforce dependency version
  • f2177a2 Fixing issue with a picture rId being undefined
  • acc547a Upgrade mime to 3.0.0
  • f727cdf Upgrade jszip to 3.10.0
  • 2371762 Upgrading deepmerge to 4.2.2
  • d1b0fa8 Upgrade image-size to 1.0.2
  • 494fb90 Merge pull request Tasks page #8 from advisr-io/convert-changelog-to-markdown
  • a9c09b2 Update dependabot.yml
  • 277240a Updating xmlbuilder to 15.1.1
  • 2a8c2a8 Upgrading uuid to 8.3.2
  • be69b4e Adding github action to build and test branches and PRs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant