Skip to content
This repository has been archived by the owner on May 7, 2021. It is now read-only.

[Snyk] Security upgrade nunjucks from 3.2.1 to 3.2.3 #34

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade nunjucks from 3.2.1 to 3.2.3 #34

wants to merge 1 commit into from

Conversation

timarney
Copy link
Member

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • dev-server/package.json
    • dev-server/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-NUNJUCKS-1079083		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nunjucks The new version differs by 27 commits.
  • fd50090 Release v3.2.3
  • d34fdbf Temporarily comment out codecov action
  • cefad41 Replace README.md travis badge with github actions
  • 7601ff4 Fixup github actions workflow file
  • de9dc67 Add GitHub Workflow for tests. fixes #1333
  • aa9e5b9 Fix prototype pollution security issue. fixes #1331
  • f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (#1329)
  • f91f1c3 Fix `groupby` example formatting
  • 7ef121c Add base and default args to int filter
  • 0c02062 Use attribute getter for `sort` filter
  • c7337e7 Release v3.2.2
  • bea3a43 CHANGELOG: Fix issue link
  • 8186d4f Don't append extra newline when using |indent filter
  • 73a4eb3 Document `with context` behavior for `import` directive (fr)
  • eea081c Document `with context` behavior for `import` directive
  • bbcbaf3 Fix issue where sync render would not raise errors in included templates
  • 63c4baf Remove development files from NPM package. Fixes #984
  • 85918ef Document `if` statement with multiple conditions (fr). refs #1284
  • 7ddd747 Document `if` statement with multiple conditions
  • 1e29863 Add support for nested attributes in `groupBy` filter. Fixes #1198
  • 7087fa9 Fix precompile bin TypeError: name.replace is not a function
  • 1736334 Modify CHANGELOG message for select/reject filters
  • 62565a1 Add `reject` filter
  • 647fc11 Change version query

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: dev-server/package.json & dev-server/package-lock.json to reduce…
edf22d9 
… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NUNJUCKS-1079083
@timarney timarney temporarily deployed to forms-stage-snyk-fix-c9-z7rryx February 26, 2021 08:35 Inactive
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@timarney @snyk-bot