Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade js-yaml from 3.13.1 to 4.1.0 #7

Open
wants to merge 1 commit into
base: latest
Choose a base branch
from
Open

[Snyk] Upgrade js-yaml from 3.13.1 to 4.1.0 #7

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade js-yaml from 3.13.1 to 4.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2021-04-14.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
npm:extend:20180424		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-Y18N-1021887		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-SETVALUE-450213		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Directory Traversal
SNYK-JS-MOMENT-2440688		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-MIXINDEEP-450212		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-73638		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-608086		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-567746		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-450202		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-608086		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-567746		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Arbitrary Code Execution
SNYK-JS-HANDLEBARS-534478		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Denial of Service (DoS)
SNYK-JS-HANDLEBARS-480388		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-469063		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-174183		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-HANDLEBARS-173692		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Remote Code Execution (RCE)
SNYK-JS-HANDLEBARS-1056767		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-AJV-584908		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Denial of Service (DoS)
npm:mem:20180117		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-559764		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-HANDLEBARS-567742		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-HANDLEBARS-1279029		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-2429795		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-2429795		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Validation Bypass
SNYK-JS-KINDOF-537849		 579/1000
Why? Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-HANDLEBARS-534988		 579/1000
Why? Has a fix available, CVSS 7.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: js-yaml from js-yaml GitHub release notes
Commit messages
Package name: js-yaml
  • 2cef47b 4.1.0 released
  • 810b149 dist rebuild
  • 2b5620e Export built-in types, type override now preserves order
  • ab31bba doc: clarify `lineWidth` dump options (#612)
  • ee74ce4 4.0.0 released
  • a44bb7c dist rebuild
  • aee620a Throw an error if block sequence/mapping indent contains a tab
  • f0f205b Fix parsing of invalid block mappings
  • e8cf6f6 Fix error with anchor not being assigned to an empty node
  • a583097 Shorthand tags with !! whenever possible
  • a0d0caa Dump custom tags starting with `!` as `!tag` instead of `!<!tag>`
  • 1ea8370 Fix examples
  • 73ef02c Add multi tags covering all tags with the fixed prefix
  • 359b264 Add replacer similar to one in JSON.stringify
  • 56d5616 Serialize undefined as null in collections, remove it in mappings
  • 38528f7 Fix minor issue in formatting error snippets
  • 4508352 Force demo use latest code (instead o dist)
  • 8d23f3c Update funding info
  • c27011e Remove Mark class, move all logic into `snippet` helper
  • 90ebea5 Change code snippet format for exceptions
  • eb08b0e Only quote []{} in block, not in flow context
  • 91f9662 Improve Plain Style support
  • dc44dd3 Fix noCompatMode flag for base60
  • a003121 Use defineProperty if user data happens to have `__proto__`

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot