Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade protobufjs from 6.11.2 to 6.11.3 #615

Merged
merged 1 commit into from Jul 17, 2023
Merged

[Snyk] Security upgrade protobufjs from 6.11.2 to 6.11.3 #615

merged 1 commit into from Jul 17, 2023

Conversation

eaviles
Copy link
Member

@eaviles eaviles commented May 24, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 803/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.2		 Prototype Pollution
SNYK-JS-PROTOBUFJS-2441248		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: protobufjs The new version differs by 7 commits.
  • b130dfd chore(6.x): release 6.11.3 (#1737)
  • c2c17ae build: publish to main
  • b2c6a5c build: run tests if ci label added (#1734)
  • a8681ce fix(deps): use eslint 8.x (#1728)
  • b5f1391 fix: do not let setProperty change the prototype (#1731)
  • 7afd0a3 build: configure 6.x as default branch
  • 37285d0 build: configure backports

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Prototype Pollution

@codecov
Copy link

codecov bot commented May 24, 2022
edited

Codecov Report

Merging #615 (eaaf5dc) into develop (72db1ff) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##           develop      #615   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           19        19           
  Lines         1409      1409           
  Branches       192       192           
=========================================
  Hits          1409      1409

Continue to review full report at Codecov.

Legend - Click here to learn more
螖 = absolute <relative> (impact), 酶 = not affected, ? = missing data
Powered by Codecov. Last update 72db1ff...eaaf5dc. Read the comment docs.

@eaviles eaviles merged commit 35e9862 into develop Jul 17, 2023
@eaviles eaviles deleted the snyk-fix-e2101a144692db230c42a482a72b4a9a branch July 17, 2023 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@eaviles @snyk-bot