Skip to content

[Snyk] Upgrade auditjs from 4.0.18 to 4.0.37#143

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-upgrade-ed67112e4daca252b924a672ad38c307
Open

[Snyk] Upgrade auditjs from 4.0.18 to 4.0.37#143
snyk-bot wants to merge 1 commit into
masterfrom
snyk-upgrade-ed67112e4daca252b924a672ad38c307

Conversation

@snyk-bot

Copy link
Copy Markdown

Snyk has created this PR to upgrade auditjs from 4.0.18 to 4.0.37.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 19 versions ahead of your current version.
  • The recommended version was released 24 days ago, on 2022-04-20.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Improper Input Validation
SNYK-JS-XMLDOM-1534562
325/1000
Why? CVSS 6.5
No Known Exploit
XML External Entity (XXE) Injection
SNYK-JS-XMLDOM-1084960
325/1000
Why? CVSS 6.5
No Known Exploit
Information Exposure
SNYK-JS-LOG4JS-2348757
325/1000
Why? CVSS 6.5
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: auditjs from auditjs GitHub release notes
Commit messages
Package name: auditjs

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@pull-dog

pull-dog Bot commented May 15, 2022

Copy link
Copy Markdown

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

  • docker-compose.yml
What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands
  • @pull-dog up to reprovision or provision the server.
  • @pull-dog down to delete the provisioned server.
Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
2a562cc0-d3fd-11ec-9ab7-e93886ef0851

@guardrails

guardrails Bot commented May 15, 2022

Copy link
Copy Markdown

⚠️ We detected 1 security issue in this pull request:

Mode: paranoid | Total findings: 1 | Considered vulnerability: 1

Vulnerable Libraries (1)
Severity Details
High y18n@4.0.0 (t) - no patch available

More info on how to fix Vulnerable Libraries in General.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant