[Snyk] Upgrade yup from 0.29.3 to 0.32.11

[damian-snyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade yup from 0.29.3 to 0.32.11.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 15 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2021-10-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASHES-2434283	188/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01036, Social Trends: No, Days since published: 1452, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.67, Score Version: V5	Proof of Concept
	Command Injection SNYK-JS-LODASHES-2434284	188/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01036, Social Trends: No, Days since published: 1452, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.67, Score Version: V5	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHES-2434285	188/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01036, Social Trends: No, Days since published: 1452, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.67, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	188/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01036, Social Trends: No, Days since published: 1452, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.67, Score Version: V5	Proof of Concept
	Prototype Pollution SNYK-JS-YUP-2420835	188/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01036, Social Trends: No, Days since published: 1452, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.67, Score Version: V5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: yup

• 0.32.11 - 2021-10-12
  

  v0.32.11

• 0.32.10 - 2021-10-11
  

  v0.32.10

• 0.32.9 - 2021-02-17
  

  v0.32.9

• 0.32.8 - 2020-12-10
  

  0.32.8

• 0.32.7 - 2020-12-10
  

  0.32.7

• 0.32.6 - 2020-12-08
  

  v0.32.6

• 0.32.5 - 2020-12-07
  

  v0.32.5

• 0.32.4 - 2020-12-07
• 0.32.3 - 2020-12-07
• 0.32.2 - 2020-12-07
• 0.32.1 - 2020-12-04
• 0.32.0 - 2020-12-03
• 0.31.1 - 2020-12-01
• 0.31.0 - 2020-11-23
• 0.30.0 - 2020-11-19
• 0.29.3 - 2020-08-04

from yup GitHub release notes

Commit messages

Package name: yup

• d072af3 Publish v0.32.11
• 2015c0f fix: dep ranges
• 846161e Publish v0.32.10
• 1d767b4 chore: fix ts compilation
• 2778b88 Merge pull request #1483 from jquense/bug-bash
• 4bdc4e4 chore: bump deps and clean up tooling
• 5334349 fix: carry over excluded edges when concating objects
• f3056f2 fix: missing transforms on concat
• 03584f6 feat: add resolved to params (#1437)
• 7842afb fix: oneOf, notOneOf swallowing multiple errors (#1434)
• 7576cd8 feat: add types to setLocale (#1427)
• eab974f Update typescript.md
• 877f777 chore(deps): update dependency lint-staged to v11 (#1359)
• 94cfd11 feat: allows custom types to be passed to avoid cast to ObjectSchema (#1358)
• 70d0b67 fix: update lodash/lodash-es to fix CVEs flagged in 4.17.20 (#1334)
• acbb8b4 fix(utils): use named functions for default exports (#1329)
• 5eda549 fix: prevent unhandled Promise rejection when returning rejected Promise inside test function (#1327)
• 91ace1e fix: SchemaOf<>'s treatment of Date objects. (#1305)
• 0fca0a4 docs: clarify wording
• 4c17508 fix: fix the typo for the array length validation (#1287)
• bbd44d0 chore(deps): update dependency husky to v5 (#1251)
• 357ffa4 docs: Fix typo (#1272)
• 4a0870c Publish v0.32.9
• 1aba3b8 chore: clean up

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs