[Snyk] Security upgrade dset from 2.0.1 to 3.1.2 #19

Oferlev · 2022-10-05T17:27:17Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-DSET-1054939	No	No Known Exploit
	721/1000 Why? Proof of Concept exploit, Has a fix available, High severity	Prototype Pollution SNYK-JS-DSET-2330881	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dset

The new version differs by 50 commits.

740b3ae 3.1.2
845879b chore(merge): add tests for "__proto__" key (Fix lint issues #38)
2d156c7 fix(merge): prevent possible prototype pollution ([Snyk] Upgrade @babel/plugin-transform-runtime from 7.19.6 to 7.21.0 #34)
56923fe chore: readme example errors ([Snyk] Upgrade core-js-pure from 3.26.0 to 3.27.1 #30)
fb41df6 3.1.1
c29c251 chore: update module sizes;
fa0f75c chore: use `while` loop ([Snyk] Upgrade: @babel/core, @babel/runtime, @babel/preset-env #29)
6515792 3.1.0
8ee6d12 chore: add `dset/merge` to readme
1241f63 golf(merge): drop 4b
1533843 chore: add more `objects` tests
8d0224d chore: add `merge` test suite
9f337a8 chore: split up test suites for composing
5aed5d1 chore: import `merge` submodule
36a2529 chore: setup bundt modes
7932211 chore: move type defs
7178ab2 3.0.0
ab0b1bf chore: add codecov badge
72b49ab chore: remove old usage examples
aebde0d chore: update readme
da14b89 fix(bench): update `dset` links
fa7ab74 feat: add "exports" map
37aaf30 chore: update module size
0a11c8a fix: break loop on unsafe keys;

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DSET-1054939 - https://snyk.io/vuln/SNYK-JS-DSET-2330881

* create setupadBidAdapter * add setupadBidAdapter * update setupadBidAdapter * update metrics collection * update analytics collection * update getUserSyncs * add setupadAnalyticsAdapter.js * test setupadAnalyticsAdapter * remove test: 1 * add GVLID && bug fixes && test updates * remove setupadAnalyticsAdapter * add userID module handling * add GVLID && bug fixes && test updates * remove setupadAnalyticsAdapter * add userID module handling * clean up && seat bugfix * clean up logs * add userID module handling * update md && clean up * Send setupad only on bidRequested * Fix bidResponse and bidWon responses * Improve bidResponse and bidWon logic * Revert changes to specific files * Remove test parameter * Fix multiple bidResponse and bidTimeout calls to getPixelUrl * eslint errors fixes(brackets added) * Add extra checks for events * Fix BIDDER_CODE const * update reporting endpoint * update setupadBidAdapter_spec.js REPORT_ENDPOINT * update readme * Revert "Merge branch 'prebid:master' into setupad-adapter" This reverts commit 1c14dbe, reversing changes made to 7fe9ea5. * Revert "Revert "Merge branch 'prebid:master' into setupad-adapter"" This reverts commit a34e3e4. * # This is a combination of 20 commits. # This is the 1st commit message: add setupadBidAdapter # This is the commit message #2: update setupadBidAdapter # This is the commit message #3: update metrics collection # This is the commit message #4: update analytics collection # This is the commit message #5: update getUserSyncs # This is the commit message #6: add setupadAnalyticsAdapter.js # This is the commit message #7: test setupadAnalyticsAdapter # This is the commit message #8: remove test: 1 # This is the commit message #9: add GVLID && bug fixes && test updates # This is the commit message #10: remove setupadAnalyticsAdapter # This is the commit message #11: add userID module handling # This is the commit message #12: clean up && seat bugfix # This is the commit message #13: add userID module handling # This is the commit message #14: add GVLID && bug fixes && test updates # This is the commit message #15: remove setupadAnalyticsAdapter # This is the commit message #16: add userID module handling # This is the commit message #17: clean up logs # This is the commit message #18: update md && clean up # This is the commit message #19: Send setupad only on bidRequested # This is the commit message #20: Fix bidResponse and bidWon responses * # This is a combination of 22 commits.tree 8abae7e6dffc9a21ad11770713ba485fc610028a parent cecfce3 author pavel <pavel@setupad.com> 1706627437 +0200 committer pavel <pavel@setupad.com> 1706627437 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEqGYI3KX/FkbObQG8FABtd4pCs/AFAmW5EW0ACgkQFABtd4pC s/CK3w//WWJSFUlycnnNKTV2XfdcBjooOeZZvjpXVthwr09CCC4uO//kw4bPluhn f5fcVFdXzrY1AZ6ch8Wo3msX/Pkso014jIGd5aIWcHpNYFtffACwH/40Y8AcJNZd bsOZxVK0awPTz/RihC5eY+0J3cP+iFWP/FlYJoHEQIBXq/Eg6mWoAhxwpL/JvxbY QbLFWsRn2ckQ6ftOZgm3/jh8VLaG1zWbWImlWEs5Zel+CorJBTniTj58VbApelYD TFMgbSR2I4NGVaqNIrHePnSMsDATxalQ2nZPwY6raKCHWIbvoUPIn/OpDMMbKgC7 nCwounNmObxFVoj3xusAZppzHpKPasY8xKWb2Kr7zfhZArsOMC6B7fYqQNK0cWG3 8RR/10oheJD9M2kRlfLiqnRv7ExY08SQ/ZMo9LA8BeRUGBXhh6++8FKhKIHvX1gL k1R5W6c+NNWP+PDFsmrFpMn+LpYdl84I7yfYK5dHuw80od7f1wuAVYpswi6Cziy9 /KY6/rfENvUrGTmWSh5GdDBel89ACCfFkasIKB92xhzKTfjzF/DXkc8XQZOMbt1j CsILgWMNfLPMo4Dlgdx/tYCSLLBNEtZ1/hhUcFQ3+0TzLf0GtMkvMnlBnDinqe1n 1P30fQ2I5W5NJKDPrCOnRymI6QOAPFXtMF11R81mbB9H8asft/E= =oJtZ -----END PGP SIGNATURE----- bugfixes # This is the commit message #22: Remove test parameter * # This is a combination of 26 commits. parent cecfce3 author pavel <pavel@setupad.com> 1706627437 +0200 committer pavel <pavel@setupad.com> 1706627437 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEqGYI3KX/FkbObQG8FABtd4pCs/AFAmW5EW0ACgkQFABtd4pC s/CK3w//WWJSFUlycnnNKTV2XfdcBjooOeZZvjpXVthwr09CCC4uO//kw4bPluhn f5fcVFdXzrY1AZ6ch8Wo3msX/Pkso014jIGd5aIWcHpNYFtffACwH/40Y8AcJNZd bsOZxVK0awPTz/RihC5eY+0J3cP+iFWP/FlYJoHEQIBXq/Eg6mWoAhxwpL/JvxbY QbLFWsRn2ckQ6ftOZgm3/jh8VLaG1zWbWImlWEs5Zel+CorJBTniTj58VbApelYD TFMgbSR2I4NGVaqNIrHePnSMsDATxalQ2nZPwY6raKCHWIbvoUPIn/OpDMMbKgC7 nCwounNmObxFVoj3xusAZppzHpKPasY8xKWb2Kr7zfhZArsOMC6B7fYqQNK0cWG3 8RR/10oheJD9M2kRlfLiqnRv7ExY08SQ/ZMo9LA8BeRUGBXhh6++8FKhKIHvX1gL k1R5W6c+NNWP+PDFsmrFpMn+LpYdl84I7yfYK5dHuw80od7f1wuAVYpswi6Cziy9 /KY6/rfENvUrGTmWSh5GdDBel89ACCfFkasIKB92xhzKTfjzF/DXkc8XQZOMbt1j CsILgWMNfLPMo4Dlgdx/tYCSLLBNEtZ1/hhUcFQ3+0TzLf0GtMkvMnlBnDinqe1n 1P30fQ2I5W5NJKDPrCOnRymI6QOAPFXtMF11R81mbB9H8asft/E= =oJtZ -----END PGP SIGNATURE----- bugfixes # This is the commit message #22: Remove test parameter # This is the commit message #23: Fix multiple bidResponse and bidTimeout calls to getPixelUrl # This is the commit message #25: eslint errors fixes(brackets added) # This is the commit message #26: Add extra checks for events * parent 75178b9 author pavel <pavel@setupad.com> 1706627694 +0200 committer pavel <pavel@setupad.com> 1706627694 +0200 gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEqGYI3KX/FkbObQG8FABtd4pCs/AFAmW5Em4ACgkQFABtd4pC s/BBUQ/+NXyHoxPM185YJLG9M1ySC/5vTT9W5mfwQ93cVDLCeuGnpsnmi4S21NuQ b7gSeokFjwztvVOUmh/xqMp4lTsvL53TUd00b1k4KGVSqgcF00Foit5g8fOGLYsI DAoqphYV6MWjpAun+II+ELY8QUkHR1cjTc7PEGtmf+8RnptGVdyJ6C9Ab8u9TQTY Apj5Srhfo3Tl8S+WScOxwwB/uqEJR4fhIrJyzFzdLDEb2olSPyrQUs87vQXlhEnK buPEg2F5JsRH6sw11Xp3TFNSZGxNnBSlTh9dixou5md4yRCv5a2TMef667N0BVDp lGgc7mCrRKXyqzphmmeHudiscEGFjtUPObXoHutSVw22wdARFCTpNFKBLLFn4v8o Zv1OvFdNprvHsoeW0HVlZdU7OKnDTRrko6DHk2AahxojjvAFEWuDsGYZNjhdQwRR lK1zm+SFQnKI0Eojd+f84fvKod9geGs640jyH/x5R4eYm4yjZb8SkRtd3cca88wS OuGq9LIkbU428b46l7VnDwudldTXPUU8eKfUtFRjdGtIWH9I3tK6TsRoCfTcXkv0 smxYiiU1XHjAkkPFWQWEeFdfZ071snFKVWouU0AoKiq+PdRoS8+3AJqIQUjlA2sH AybnSkv9KxY/Rs1bnvMubsQm1GF66qVrbxBU6FILBv1JZYwj4yA= =Gbog -----END PGP SIGNATURE----- bugfixes update setupadBidAdapter_spec.js REPORT_ENDPOINT update readme Revert "Merge branch 'prebid:master' into setupad-adapter" This reverts commit 1c14dbe, reversing changes made to 7fe9ea5. Revert "Revert "Merge branch 'prebid:master' into setupad-adapter"" This reverts commit a34e3e4. * change double quote to single quote --------- Co-authored-by: pavel <pavel@setupad.com> Co-authored-by: Elgars Grodnis <elgars@setupad.com> * bugfix setupadBidAdapter remove getAdEl, spelling correction * add onBidWon event onBidWon event handling moved from custom to native onBidWon method * minor bugfixes && remove funk getSiteObj && getDeviceObj --------- Co-authored-by: pavel <pavel@setupad.com> Co-authored-by: Elgars Grodnis <elgars@setupad.com>

fix: package.json & package-lock.json to reduce vulnerabilities

f07ee52

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DSET-1054939 - https://snyk.io/vuln/SNYK-JS-DSET-2330881

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade dset from 2.0.1 to 3.1.2 #19

[Snyk] Security upgrade dset from 2.0.1 to 3.1.2 #19

Oferlev commented Oct 5, 2022

[Snyk] Security upgrade dset from 2.0.1 to 3.1.2 #19

Are you sure you want to change the base?

[Snyk] Security upgrade dset from 2.0.1 to 3.1.2 #19

Conversation

Oferlev commented Oct 5, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: