Skip to content

[Snyk] Security upgrade actions-toolkit from 1.6.0 to 4.0.0#8

Open
terrorizer1980 wants to merge 1 commit into
masterfrom
snyk-fix-233da50ddc264790e6c2ea065d0a806b
Open

[Snyk] Security upgrade actions-toolkit from 1.6.0 to 4.0.0#8
terrorizer1980 wants to merge 1 commit into
masterfrom
snyk-fix-233da50ddc264790e6c2ea065d0a806b

Conversation

@terrorizer1980

Copy link
Copy Markdown
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASHSET-1320032
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: actions-toolkit The new version differs by 233 commits.
  • d8d02ec 4.0.0
  • 47056ff Merge pull request #109 from JasonEtco/octokit-17
  • eeaff62 Update to 17.1.4
  • 98f01f3 Merge remote-tracking branch 'origin/master' into octokit-17
  • d2e67de 3.0.2
  • edbcf49 Merge pull request #117 from JasonEtco/dep-updates
  • 848f722 Update dependencies
  • 3c053e1 Merge pull request #113 from outsideris/patch-1
  • 2c84735 Merge pull request #115 from JasonEtco/warn-actions-checkout
  • de61f03 Fix prepublish warning
  • bc97fd0 Fix a log in tests
  • e45ab48 Update the ol' snapshot
  • bc6953a Update index.ts
  • b3d2ac4 fix broken actions events link
  • 7581a12 Merge pull request #112 from JasonEtco/dependabot/npm_and_yarn/minimist-1.2.2
  • 859aa82 Bump minimist from 1.2.0 to 1.2.2
  • 3c52a84 npm audit fix
  • fc81e38 Merge pull request #111 from JasonEtco/dependabot/npm_and_yarn/acorn-6.4.1
  • 7f2a80f Bump acorn from 6.4.0 to 6.4.1
  • c4b49dd 3.0.1
  • b40de7e Add prepublish script
  • 754b666 Use Octokit directly
  • 5ea3a02 Upgrade to @ octokit/rest v17
  • 5c38cd5 3.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants