Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade phantomas from 1.19.0 to 2.3.0 #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade phantomas from 1.19.0 to 2.3.0 #21

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Dec 8, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Improper Certificate Validation
SNYK-JS-NODESASS-1059081		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: phantomas The new version differs by 250 commits.
  • 22e9b73 Bump to v2.3.0
  • c6bcbf7 Update ghcr.io link
  • e7eeae7 Add CodeFactor badge
  • db91679 Update push-to-ghcr.yml
  • 0e32d72 Merge pull request #962 from macbre/publish-to-gchr-io
  • 0a3a6fe Build and push to ghcr on releases only
  • cb5997f Remove the debug code
  • 5dda1aa Update README.md
  • 86ac78f Update push-to-ghcr.yml
  • db4a004 Remove v from Docker tag
  • 6f01726 Remove "v" from the release tag before tagging the image
  • 80f1986 Publish Docker image to ghcr.io public repository
  • a883852 Merge pull request #961 from macbre/docker-build
  • 2a6271a Use docker/build-push-action@v2
  • a4c6e70 Merge pull request #960 from macbre/dependabot/npm_and_yarn/jest-27.0.6
  • eeae951 Merge branch 'devel' into dependabot/npm_and_yarn/jest-27.0.6
  • e1c1c02 build(deps): bump puppeteer from 10.0.0 to 10.1.0
  • e7b292b build(deps-dev): bump jest from 27.0.5 to 27.0.6
  • 7324b7f build(deps-dev): bump prettier from 2.3.1 to 2.3.2
  • 4ab89b9 Merge pull request #957 from macbre/dependabot/npm_and_yarn/commander-8.0.0
  • 7396fb6 build(deps): bump commander from 7.2.0 to 8.0.0
  • 5c3770f build(deps-dev): bump jest from 27.0.4 to 27.0.5
  • c9bd7e9 Merge pull request #955 from macbre/docker-chrome-91
  • 5a039c2 Dockerfile.- using Chrome 91

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
f41553b 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODESASS-1059081
@PatOnTheBack PatOnTheBack mentioned this pull request May 13, 2022
Open
This was referenced Jun 21, 2023
Open
Open
@PatOnTheBack PatOnTheBack mentioned this pull request Nov 27, 2023
Open
@PatOnTheBack PatOnTheBack mentioned this pull request May 14, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@snyk-bot