Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade modernizr from 3.7.1 to 3.9.0 #50

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade modernizr from 3.7.1 to 3.9.0 #50

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: modernizr The new version differs by 45 commits.
  • 219b377 v3.9.0
  • 1134242 Fix possible unintended scrolling in onInput test
  • f66afd6 Issue #2492 inputnumber-l10n test causing unintended scrolls #2492 (#2496)
  • 25f2f3d Remove node8 from testing matrix (#2494)
  • 93d844b Update sinon to latest version (#2491)
  • f4d3aa0 feature detects for ES6 Symbol; (#2487)
  • 146c813 Fix missing chai lib on integration test page
  • 04ca29b Add detection for `gap` CSS property for flexbox (#2485)
  • 0440d39 Fix travis not signaling an error when node tests fail
  • 06c035c Fix command line fails for nested properties (#2480)
  • 3675d7f Cleanup feature-detects meta tags whitespace
  • 39bb2bf Replace expect.js with chai (#2449)
  • 775670e v3.8.0
  • 1c15567 Fix vh unit issue on ios safari / android chrome #1805 (#2452)
  • bbb28ae [BUGFIX] Prevent viewport jumping when using CSS Hyphens (#1781) (#2369)
  • 4aeac3d Deprecate some tests (#2472)
  • 154b85c Add new CodeOfConduct (#2427)
  • d11cd99 Add support for ShadowRoot DOM api feature detect through `shadowroot` and `shadowroot-legacy` (#2475)
  • c2a9465 Update dependencies and appveyor (#2474)
  • e0413ee Use addTest for some tests like inputtypes (#2469)
  • be97c78 Check if userAgent is empty (#2471)
  • 032899e Catch exception when running in headless chrome (#2436)
  • 9b09410 Bump eslint-utils from 1.3.1 to 1.4.2 (#2467)
  • a335662 Fix typo in README, Update dependencies and gitignore

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@vercel
Copy link

vercel bot commented Sep 15, 2021
edited
Loading

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/betotrr/react-start/GWkzhsDveHhVBiBeWmMawSzqi81Y
✅ Preview: https://react-start-git-snyk-fix-7b0dffee6ff9d1604d550e4-2f56d3-betotrr.vercel.app

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot