[Snyk] Security upgrade rxdb from 9.19.0 to 10.1.0 #3

Open: wants to merge 1 commit into base: main

snyk-bot (Contributor)

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 494/1000. Why? Has a fix available, CVSS 5.6 | Prototype Pollution, SNYK-JS-OBJECTPATH-1569453 | Yes | No Known Exploit |
| high severity | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.3 | Prototype Pollution, SNYK-JS-OBJECTPATH-1585658 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: rxdb

The new version differs by 250 commits.
  • 5492b63 10.1.0
  • aa00b03 BUILD
  • 0b75aaf ADD migration refactoring to changelog
  • 68be3cf REFACTOR data migration step 1
  • df16c54 ADD logs for rare failing test
  • e957a00 Merge pull request #3413 from pubkey/renovate/svelte-3.x
  • 482bcb0 chore(deps): update dependency svelte to v3.43.0
  • 2e80e2c chore(deps): update dependency @types/node to v14.17.19
  • 2fe6e77 Update before-next-major.md
  • 41dc0f0 Update before-next-major.md
  • fd7fd94 Update before-next-major.md
  • d8652c9 chore(deps): update dependency terser to v5.9.0
  • a0a7ba6 fix(deps): update angularmaterial monorepo to v12.2.7
  • 49e79ea chore(deps): update dependency rollup to v2.57.0
  • 28a0651 chore(deps): update dependency style-loader to v3.3.0
  • 7e317a7 chore(deps): update dependency @types/node to v14.17.18
  • 4f60ca9 chore(deps): update dependency @rollup/plugin-node-resolve to v13.0.5
  • c574cd6 chore(deps): update dependency graphql to v15.6.0
  • a491865 chore(deps): update typescript-eslint monorepo to v4.31.2
  • bcb38dd ADD hint how to run tests only in node/browser
  • afaabc0 BUILD
  • 80792ed fix(deps): update dependency jsonschema-key-compression to v1.6.0
  • c1119d3 FIX typings
  • e4b3653 CHANGE(renovate) disable dependency dashboard

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

sonarcloud bot commented Sep 28, 2021

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)

No Coverage information
0.0% Duplication
