[Snyk] Fix for 1 vulnerabilities #57

2020-02-01T01:03:52Z

argoyle commented

2020-02-01 01:03:52 +00:00

(Migrated from gitlab.com)

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this Merge Request

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- yarn.lock

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

<h3>Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.</h3> As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. #### Changes included in this Merge Request - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - yarn.lock #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Issue | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | Prototype Pollution <br/>[SNYK-JS-DOTPROP-543489](https://snyk.io/vuln/SNYK-JS-DOTPROP-543489) | No | Proof of Concept Check the changes in this Merge Request to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/argoyle/project/fdbefbeb-8f1c-483c-917e-152c9523c009) 🛠 [Adjust project settings](https://app.snyk.io/org/argoyle/project/fdbefbeb-8f1c-483c-917e-152c9523c009/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://snyk.io/docs/fixing-vulnerabilities/) [//]: # (snyk:metadata:{"dependencies":[{"name":"snyk","from":"1.279.1","to":"1.290.1"}],"packageManager":"yarn","projectPublicId":"fdbefbeb-8f1c-483c-917e-152c9523c009","projectUrl":"https://app.snyk.io/org/argoyle/project/fdbefbeb-8f1c-483c-917e-152c9523c009?utm_source=gitlab&utm_medium=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-DOTPROP-543489"],"upgrade":["SNYK-JS-DOTPROP-543489"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":[]})

argoyle commented

2020-02-01 10:38:01 +00:00

(Migrated from gitlab.com)

merged

argoyle commented

2020-02-01 10:38:01 +00:00

(Migrated from gitlab.com)

mentioned in commit ae87f43f4e

mentioned in commit ae87f43f4ef2f89d21f14ba344ac356de4b96628

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dancefinder/dancefinder-app#57