Skip to content
This repository has been archived by the owner on Jan 9, 2024. It is now read-only.

[Snyk] Security upgrade jsdom from 16.5.0 to 16.6.0 #262

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade jsdom from 16.5.0 to 16.6.0 #262

wants to merge 1 commit into from

Conversation

sasoria
Copy link
Contributor

@sasoria sasoria commented Dec 20, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • server/package.json
    • server/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 644/1000
Why? Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jsdom The new version differs by 38 commits.
  • 74a8d1e Version 16.6.0
  • f51f2ec Remove the dependency on request
  • 2b6d5ae Update dependencies
  • b72b33b Disable now-crashing canvas test
  • 39b7972 Handle null and undefined thrown as exceptions
  • 04f6c13 Add ParentNode.replaceChildren() (#3176)
  • e4c4004 Version 16.5.3
  • 2f41466 Fix MutationObserver infinite loop bugs (#3173)
  • b232f2a Run partially-failing WPTs in the custom-elements directory
  • 35e103e Run partially-failing WPTs in the cors directory
  • 77b660a Run partially-failing WPTs in the FileAPI directory
  • d8a245f Use `InnerHTML` mixin for `innerHTML` definition (#2981)
  • bd50bbe Version 16.5.2
  • d5cfd69 Fix event handler ObjectEnvironment instantiation
  • 93e3d4a Remove vestigial concurrentNodeIterators option-passing
  • c92f9c1 Check all associated elements for form validity
  • 2202703 Fix failing WPTs calculation
  • 21c7671 Upgrade dependencies
  • c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
  • a13d854 Use WeakRefs for NodeIterator tracking when supported
  • fdf97d8 Fix radio/checkbox to not fire events when disconnected
  • 761d8cc Refactor <output>
  • b36d418 Make customElements.whenDefined() resolve with the constructor
  • c5d13bb Remove a variety of redundant to-port tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@sasoria sasoria requested a review from a team as a code owner December 20, 2023 17:47
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@Amirhlotfi Amirhlotfi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sasoria @Amirhlotfi @snyk-bot