[Snyk] Security upgrade parcel-bundler from 1.11.0 to 1.12.5 #39

Open
wants to merge 1 commit into
base: master

mhavelant
Collaborator

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution, SNYK-JS-NODEFORGE-598677 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: parcel-bundler

The new version differs by 99 commits.
  • e11f085 Publish
  • 3ea0373 Pass babel core version to preset-env
  • da642ab Update babel
  • 4543d19 Node forge update (#5521)
  • 939ce41 Fix #3619 by scripting the copy of the README.md file to the parcel-bundler folder. (#3707)
  • cf83b72 strip debug info from generated wasm if minify is true (#3671)
  • 5200ecc CSS hot reloading fix for platforms with urls that lack protocol and host prefix. (#3649)
  • 0464303 Update changlog for v1.12.4
  • d9ec7af Publish
  • 430679c Update yarn.lock
  • fe08980 fix source maps on coffeescript assets (#3423)
  • dc393bf Fixes #3133 by upgrading serialize-to-js from 1.1.1 to 3.0.0 (#3451)
  • 96119be Fix up misleading usage information (#3158)
  • a92e9b2 bump chokidar to get a reload fix for linux (#2878)
  • 75a891e Use uppercase for the first letter of the issue template (#3192)
  • 6fbfe96 Update dotenv-expand to allow overriding of falsy values (#2971)
  • 7ad25fd Fixes 3076: HMR update breaks in webworker due to window (and location.reload) not existing in web worker context. (#3078)
  • 4b50182 Scope hoisting destructuring (#2742)
  • e60a074 Create FUNDING.yml (#3074)
  • 4c59571 Added new info command (#3068)
  • fd7e36e Fix typo (#3043)
  • ee0acf2 Update deps & gitattributes (#3006)
  • 7ddb838 Fix assigning to exports from inside a function in scope hoisting (#2994)
  • 84b3085 Define __esModule interop flag when requiring ES module from CommonJS (#2993)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
