This repository has been archived by the owner on Apr 21, 2023. It is now read-only.

[Snyk] Security upgrade yup from 0.29.3 to 0.30.0 #871

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 673/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6 | Prototype Pollution, SNYK-JS-YUP-2420835 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: yup
The new version differs by 25 commits.
  • 31bbfc3 Publish v0.30.0
  • d225b5d chore: fix lockfile
  • f08d507 fix: defined() so it doesn't mark a schema as nullable
  • 57d42a8 fix: uuid's regexp (#1112)
  • 15a0f43 fix: security Fix for Prototype Pollution - huntr.dev (#1088)
  • 040c40d docs: Clarify return value of mixed.test (#1089)
  • e616039 chore(deps): update all non-major dependencies (#1087)
  • 7fd80aa fix: IE11 clone() (#1029)
  • 7459544 chore: bump lodash (#1071)
  • 66bb500 chore(deps): update all non-major dependencies (#1069)
  • 6096064 feat: exposes context on mixed.test function and add originalValue to context (#1021)
  • a56655d chore(deps): update all non-major dependencies (#1058)
  • 0dcfa21 chore(deps): update all non-major dependencies (#1049)
  • 7573a1a chore: upgrades property-expr dependency to 2.0.4 (#1048)
  • a3f94b0 chore(deps): update all non-major dependencies (#1044)
  • ed49b9e chore(deps): update all non-major dependencies (#1037)
  • 02f59ad chore(deps): update dependency eslint-plugin-jest to v24 (#1030)
  • a5f55a4 chore(deps): update all non-major dependencies (#1031)
  • ce83c0b chore(deps): update all non-major dependencies (#1025)
  • 01da7e1 perf: reduce function calls for shallower stacks (#1022)
  • dcae108 feat!: remove sync promise implementation and use callbacks internally (#1019)
  • 70e39ef Update issue templates
  • f8d5189 chore(deps): update all non-major dependencies (#1014)
  • 234b296 chore(deps): update all non-major dependencies (#1011)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • View latest project report
  • Adjust project settings
  • Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

  • Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-YUP-2420835

snyk-bot requested a review from a team as a code owner March 11, 2022 06:59

sonarcloud bot commented Mar 11, 2022

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)
  • No Coverage information
  • 0.0% Duplication
