Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

[Snyk] Fix for 1 vulnerabilities #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
snyk-bot wants to merge 1 commit into master
base: master
Choose a base branch
Loading
from snyk-fix-ab2d1cc25ffec7750b006db73e663f8f

Conversation

Copy link

@snyk-bot snyk-bot commented Apr 13, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-ASYNC-2441827 		Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: browserify The new version differs by 19 commits.
  • 26c58a9 forgot the "has" dep
  • 9a3864e more changelog info about browser field mappings
  • 42c2052 fix now works with the latest resolve
  • 29d917e failing browser field file test
  • ef257ed remove dnode test, was causing issues
  • 16611da some upgrades
  • ee3be4a more info on v9 fixes
  • e6438ea failing cases in pkg_event
  • 145ea52 failing pkg_event test
  • 97203b3 upgrades for 9.0.0
  • fbd6e2e Merge branch 'fix-expose' of https://github.com/jmm/node-browserify
  • dbe2c71 9.0.0
  • 53821dd Merge branch 'remove-unused-umd-dep' of https://github.com/zertosh/node-browserify
  • f6593fb Update browser-pack to ^4.0.0
  • 7ff5676 Merge branch 'remove-unused-umd-dep' of https://github.com/zertosh/node-browserify
  • ab4b4b8 Remove unused "umd" dep
  • d938408 failing relative dedupe case
  • c14da43 Eliminate path resolution and set row.expose.
  • bdf78c8 Pass this._expose to mdeps.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant

AltStyle によって変換されたページ (->オリジナル) /