Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @percy/agent from 0.13.0 to 0.26.3 #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @percy/agent from 0.13.0 to 0.26.3 #27

wants to merge 1 commit into from

Conversation

shabbirbs
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @percy/agent The new version differs by 172 commits.
  • fa7c7d6 chore(release): 0.26.3 [skip ci]
  • 8a121b6 fix: Ignore any protocols that aren't `http` or `https` (#507)
  • 5a971b3 build(deps): [security] bump handlebars from 4.5.3 to 4.7.6 (#506)
  • 709d12b build(deps): bump puppeteer from 2.1.1 to 3.0.2 (#499)
  • 4a2e762 build(deps-dev): bump @ types/chai from 4.2.9 to 4.2.11 (#504)
  • e966c40 build(deps): bump cross-spawn from 6.0.5 to 7.0.2 (#503)
  • 3761a2a build(deps-dev): bump @ babel/core from 7.7.7 to 7.9.6 (#502)
  • 6423133 build(deps): bump axios from 0.19.0 to 0.19.2 (#501)
  • ad374b0 build(deps-dev): bump webpack from 4.41.5 to 4.43.0 (#500)
  • 4cf993b build(deps-dev): bump mocha-junit-reporter from 1.23.1 to 1.23.3 (#498)
  • 5a4ffaf build(deps-dev): bump stdout-stderr from 0.1.9 to 0.1.13 (#497)
  • 146eba4 build: Add Home URL and Source Code URL + Fix (#481)
  • 6f90d0f chore(release): 0.26.2 [skip ci]
  • 1048848 fix: Up default network idle timeout to 125 (#495)
  • 11458fe build(deps-dev): bump @ semantic-release/git from 7.0.17 to 7.0.18 (#490)
  • c95c8c7 build(deps-dev): bump @ types/sinon from 7.0.13 to 9.0.0 (#493)
  • d0030a4 chore(release): 0.26.1 [skip ci]
  • ae36f5a fix: sort dry-run output (#494)
  • ad16d9a build(deps-dev): bump @ types/cross-spawn from 6.0.0 to 6.0.1 (#491)
  • 02a00cd build(deps-dev): bump tslint from 5.20.1 to 6.1.0 (#489)
  • e2dc3e3 chore(release): 0.26.0 [skip ci]
  • 6e259a3 feat: snapshot and upload --dry-run flag (#486)
  • d789ae0 chore(release): 0.25.0 [skip ci]
  • 7b45c12 feat: Capture Canvas elements (#483)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shabbirbs @snyk-bot