[Snyk] Security upgrade immer from 6.0.2 to 8.0.1 #1

Open
Hovakimyan wants to merge 1 commit into master from snyk-fix-af68558be06c009d663c798183c0a56d

@Hovakimyan (Owner)

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution, SNYK-JS-IMMER-1019369 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: immer
The new version differs by 146 commits.
  • da2bd4f fix: Fixed security issue #738: prototype pollution possible when applying patches CVE-2020-28477
  • d75de70 chore: fix Buffer deprecation warning in test (#706)
  • 8fbf93c docs: Add referential equality to pitfalls (#731)
  • c21a2ef docs: Update current.md (#728)
  • 211314c docs: add cool-store into built-with.md (#724)
  • e8fd805 chore(tests): use UTC date string in tests to be timezone independent (#705)
  • fe8f589 chore(comments): update comments (#727)
  • d8121d6 chore(docs): Fix typo in pitfalls.md (#729)
  • 5379cdd chore(docs): Update example-reducer.md (#734)
  • d3908e1 chore(deps): bump dot-prop from 4.2.0 to 4.2.1 in /website (#735)
  • 3a62869 chore(deps): bump ini from 1.3.5 to 1.3.7 in /website (#723)
  • 1a15615 chore(deps): bump ini from 1.3.5 to 1.3.7 (#722)
  • 894d190 chore(deps): bump highlight.js from 9.15.10 to 9.18.5 in /website (#709)
  • 3c4e3f7 chore(deps-dev): bump semantic-release from 17.0.2 to 17.2.3 (#704)
  • 7faa7b4 docs: some refinements on freezing
  • 51cc8b8 chore: back to node, everything is slow on travis
  • a406c8f feature: Always freeze by default (#702)
  • 6c62eec chore: Merge branch 'master' of github.com:immerjs/immer
  • 31684f2 chore: fix some build issues (#701)
  • 0730231 docs: Organize performance and pitfalls, and document nested produce behavior. Fixes #694
  • 754331b fix: make plugin loading idempotent, fixes #692
  • 8808065 chore: fix travis build not failing, fixes #688 (?)
  • 678e541 chore: Added the missing space in readme.md (#698)
  • b2e5493 clearer error when plugin is missing

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-IMMER-1019369