Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade jsdom from 11.11.0 to 15.1.1 #10

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade jsdom from 11.11.0 to 15.1.1 #10

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jsdom The new version differs by 195 commits.
  • 0371215 Version 15.1.1
  • dd6c5a0 Do not reserialize XHR content-types unnecessarily
  • 7cd5329 Do not merge XHR preflight and response headers
  • 9f6b190 Keep track of style and event attribute changes in SVGElement
  • 1951a19 Use ASCII uppercase for tagName
  • 1c8e963 Add HTMLOrSVGElement interface mixin
  • 8533b57 Use interface mixins
  • c1b4591 Escape null in WebIDL2JSValueAsUnsupported
  • 93944f6 Update ESLint to v5
  • 9f273fe Update dependencies
  • 33798c9 Roll Web Platform Tests
  • 5f314a9 Version 15.1.0
  • 0a39afa Implement Headers from the Fetch standard
  • e4febb9 Apply pattern="" validation to the entire string
  • 3781125 Implement changes to event path iteration
  • 5146cb2 Implement the translate attribute
  • 1a70afa Exclude <input type="image"> from formEl.elements
  • 45b7e02 Temporarily disable testing of canvas in Node.js v12
  • b20a81a Fix sync XHR in Node.js v12
  • 14be063 Roll Web Platform Tests
  • 43f2089 Version 15.0.0
  • 8fad876 Always use "\n" for Blob's native line endings
  • 7148ebb Allow the contentType option to override sniffed encoding
  • 536a89e Recognize the .xht file extension

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
10c7775 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-1296835
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@snyk-bot