Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade history from 1.13.1 to 1.14.0 #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade history from 1.13.1 to 1.14.0 #31

wants to merge 1 commit into from

Conversation

magnologan
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • app/package.json
    • app/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-QS-3153490		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: history The new version differs by 35 commits.
  • 702db62 Version 1.14.0
  • 990b853 Merge pull request #168 from taion/doc-141
  • a9db75a Deprecate pushState and replaceState
  • 50420f9 Document the new push and replace syntax
  • 0a1b31a Merge pull request #171 from rackt/query-string
  • d0edd09 Use query-string instead of qs
  • 331ee28 Merge pull request #167 from taion/hash-replace
  • 32a3978 Consider the full path in changing PUSH to REPLACE
  • ce96689 Merge pull request #141 from taion/push-replace-location-object
  • 9a5a378 Merge pull request #156 from taion/actually-fix-coverage
  • 969463f Configure the coverage reporter
  • 4ab16f3 Merge pull request #155 from rackt/taion-patch-1
  • d88948f Clean up the last of the old push/replace docs
  • e2c9860 Merge pull request #152 from taion/build-es6
  • 07b8013 Add ES2015 module build
  • 2688abe Merge pull request #151 from taion/clean-lib
  • b1cf2fa Merge pull request #150 from taion/linkify-CHANGES-HEAD
  • a6aac12 Clean output directory when building
  • 23353fe Link to HEAD diffs on CHANGES
  • ede110f Merge pull request #147 from taion/CriOS-fixme
  • 7f28fcb Merge pull request #148 from taion/eslint-mocha
  • 7bb2867 Centralize eslint env setting
  • b98fc54 Add FIXME note to CriOS workaround
  • ae05e84 Update CHANGES.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@magnologan @snyk-bot