Skip to content
This repository has been archived by the owner on Jan 21, 2024. It is now read-only.

[Snyk] Security upgrade raml-1-parser from 1.1.50 to 1.1.62 #29

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade raml-1-parser from 1.1.50 to 1.1.62 #29

wants to merge 1 commit into from

Conversation

svc-ast-gh-snyk5
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 No Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5		 Improper Input Validation
SNYK-JS-XMLDOM-1534562		 No No Known Exploit
high severity 639/1000
Why? Has a fix available, CVSS 8.5		 Prototype Pollution
SNYK-JS-XMLDOM-3042242		 No No Known Exploit
critical severity 811/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 9.8		 Improper Input Validation
SNYK-JS-XMLDOM-3092935		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: raml-1-parser The new version differs by 134 commits.
  • 2b87445 Bump version.
  • 5fbc153 Update some dependencies
  • 45b2f07 Update raml-definition-system. Use xmldom-alpha
  • 5dca1aa Update deps. Bump version. Add greenkeeper.json
  • 3c3f2d4 Rollback gulp-mocha version
  • 37294fe Fix deps update issues. Rebuild browser version
  • dc41d2e Update dependencies
  • d132083 Build browser version
  • d08b8b4 Update webpack version. Bump pgk version
  • 26aca00 Make bower version for 1.1.58
  • f4ff886 Update deps. Bump version
  • 44b3f0a Downgrade gulp-mocha
  • e6f6137 Bump version. Generate bower version
  • 4d82902 Add engines to package.json. Fixes #59
  • d0d6b34 Hardcode raml-xml-validation to version 0.15.0
  • 61ccb8a Update rimraf and typescript-compiler
  • 27bd7f5 Upgrade deps suggested by greenkeeper
  • 3e584be Update gulp-mocha to 7.0.1
  • c574706 Fix security issues according to npm audit
  • e75e8f7 Merge pull request #900 from raml-org/dependabot/npm_and_yarn/mixin-deep-1.3.2
  • 955e976 Bump mixin-deep from 1.3.1 to 1.3.2
  • 864a6f3 Restore original travis deploy settings
  • 1824018 Set up travis jobs to release browser version to npm
  • 076b167 Release bower version 1.1.56

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Improper Input Validation

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
cla:signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@svc-ast-gh-snyk5 @snyk-bot