Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade juice from 5.2.0 to 7.0.0 #1

Open
wants to merge 1 commit into
base: html2xlsx-hd
Choose a base branch
from
Open

[Snyk] Security upgrade juice from 5.2.0 to 7.0.0 #1

wants to merge 1 commit into from

Conversation

yuanoook
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: juice The new version differs by 37 commits.
  • a628051 v7.0.0
  • 5d89c6e Merge pull request #368 from TrySound/upgrade-web-resource-inliner
  • ef3a266 Merge pull request #369 from TrySound/published-files
  • 335ed19 Publish only necessary files in package
  • 3ec34d3 Upgrade web-resource-inliner
  • 56e8fbc Merge pull request #367 from TrySound/upgrade-commander
  • 1dac1f4 Upgrade commander
  • 1f82379 Merge pull request #366 from TrySound/upgrade-cheerio
  • 4178da6 Upgrade typescript
  • 0ea9842 Upgrade to cheerio v1
  • ec41c65 Merge pull request #352 from hansottowirtz/support-htmlparser2
  • f55f820 Merge pull request #364 from TrySound/drop-deep-extend
  • 7116879 Replace deep-extend with nested Object.assign
  • 879e34c Merge pull request #363 from TrySound/unused-inliner-options
  • 8899cd7 Merge pull request #365 from TrySound/object-assign
  • 0765875 Merge pull request #362 from TrySound/cross-spawn-dev
  • d08b1ed Replace custom extend utility with native Object.assign
  • fb22fc0 Drop unused cssmin and uglify options from cli
  • f3307de Move cross-spawn to dev dependencies
  • 49b5412 Merge pull request #349 from ArsenyYankovsky/master
  • 0ce3da7 Merge pull request #360 from nekocode/fix-empty-tag
  • 990f0dd Merge pull request #353 from asztal/patch-1
  • 35d9a9d fix #359
  • 6963fe6 Add changelog entry for v6.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: package.json to reduce vulnerabilities
0f7db40 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@yuanoook @snyk-bot