Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade immer from 2.0.0 to 9.0.6 #19

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade immer from 2.0.0 to 9.0.6 #19

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Sep 2, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 673/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-IMMER-1540542		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: immer The new version differs by 250 commits.
  • fa671e5 fix(security): Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype
  • 2e0aa95 Create SECURITY.md
  • 050522d chore: fix CI. maybe.
  • 1195510 docs: Update example-setstate.mdx (#833)
  • 648d39b docs: fixing link to RFC-6902 & fixing typo (#830)
  • bc890f7 docs: Update example-setstate.mdx (#829)
  • 16a3d0f chore(deps): bump prismjs from 1.23.0 to 1.24.0 in /website (#822)
  • 847492c docs: Extended / updated documenation (#824)
  • 7f41483 chore: [workflows] don't release from forks
  • 3f9a94e chore: let's test before publish
  • bfb8dec fix: release missing dist/ folder
  • b314b19 chore: fix cpx usage
  • a607d6c chore: Remove old shizzle
  • 6fd5329 chore: fixes for deploy preview
  • 144f886 chore: fix docs deployment attempt 3
  • 38964fa chore: semantic-release + GH actions
  • 06c6741 chore: fix docs deploy
  • ad23da9 chore: fix test job
  • b6d92f4 chore: publish docs automatically
  • c59576a chore: setup GH action for test
  • dc3f66c fix: #807 new undefined properties should end up in result object
  • 5412c9f fix: #791 return 'nothing' should produce undefined patch
  • 58b74a6 chore(deps): bump ssri from 6.0.1 to 6.0.2 in /website (#818)
  • c9deb48 chore(deps): bump color-string from 1.5.4 to 1.5.5 in /website (#817)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot