Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

chris-green-s1
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-LODASH-6139239
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: recharts The new version differs by 93 commits.
  • 36d3f16 Version 1.0.0
  • 7f4bd29 feat: rename props defaultShowTooltip
  • 173cc83 feat: add position to the className of tooltip wrapper
  • c142372 refactor: refactor clipPathId of Line
  • 80b0174 fix: fix baseLine of Area
  • 0eaa761 fix: fix the problem of labels in Pie, fix #929
  • f40ea82 chore: add auto generated file package-lock.json
  • 65dd42f Merge pull request #1371 from metabolize/scale-rect-refactor
  • 8452047 Merge pull request #1308 from vincentljn/tooltip-activation-prop
  • 8604a4e Merge pull request #1237 from bmxpert1/clip-line-dots
  • 5439859 Merge pull request #1369 from metabolize/no-pointer-events-on-cursor
  • aefbe14 Merge pull request #1358 from jessiesu/area-chart-range-fix
  • fd5b6c6 Merge pull request #1348 from harshita9110/feature/labelCenterTypes
  • 1f0a74e Merge pull request #1346 from tmikoss/label-position-top-with-negative-values
  • 8458778 Merge pull request #1341 from jfrej/fix-wrapper-styles-order
  • a5388f8 Merge pull request #1322 from cjies/fix_tooltip_wrapper
  • 9424e79 Merge pull request #1320 from alirezavalizade/master
  • efac39e Merge pull request #1207 from DevSide/lodash-es
  • bda6bd1 Factor out some scale- and rect-related functions ([Snyk] Upgrade moment from 2.21.0 to 2.29.1 #5)
  • b6faf50 Fix tooltips that disappear while mouse still over a scatter point
  • 7c4796d Fixing range area chart bottom bound. Base line needed to be filterted for connecting null.
  • 5411419 add top and bottom options to positioning center label
  • 4f85217 Position the 'top' label outside the element for negative heights
  • bf9a98a Move style spread to after default styles to allow overriding

See the full diff

Package name: semantic-ui The new version differs by 250 commits.
  • cc5e7f3 Tag more issues reporting build typo
  • 1c8f74c Remove lockfile
  • 55e0ad0 Cleanup auto npm publish
  • abfbbb9 Fix auto publishing npm
  • de2d7fc Finalize fixing admin scripts with kludge
  • 5bd99a3 Ye old annoying admin task rewrite
  • d89327e Merge branch 'next' of github.com:Semantic-Org/Semantic-UI
  • 6f2a912 Work on admin scripts gulp4
  • b19d2d3 Merge branch 'master' of github.com:Semantic-Org/Semantic-UI into next
  • 4b3fc0a Date
  • 2ec0dd0 Update rls notes
  • 2a7a90b Notes
  • 49b9cbf #7023 Fix loading icon in button
  • 9e12d42 Update notes
  • 69d2ddb Merge pull request #7023 from flppv/next
  • 365b6ba Merge pull request #7047 from jsoref/gitter-link
  • 3aa6f7f Merge pull request #7062 from eltociear/patch-1
  • 0300061 Rebuild with gulp4
  • d948dfc RM package-lock from tracking
  • 9a3300f Merge branch 'master' of github.com:Semantic-Org/Semantic-UI into next
  • 9f59052 Merge pull request #7089 from LucienLeMagicien/master
  • d965bea remove extra semicolon
  • 825c5b7 Readme updates
  • 6879d3a Fix typo in dimmer.js

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants