Skip to content

Comments

[Snyk] Security upgrade vconsole from 3.2.0 to 3.5.2#6

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-e6e62ba40c92cc40a049cbc944896d8c
Open

[Snyk] Security upgrade vconsole from 3.2.0 to 3.5.2#6
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-e6e62ba40c92cc40a049cbc944896d8c

Conversation

@snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented May 13, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 556/1000
Why? Recently disclosed, Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-JS-VCONSOLE-1292147		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: vconsole The new version differs by 250 commits.
  • ec4e845 Merge pull request #396 from Tencent/dev
  • 832780f docs: update changelog
  • 2eaa461 chore: fix module script
  • 3ca5c95 chore: use `babel.config.js` instead of `.babelrc`.
  • db0c962 chore: disable babal module, use webpack to build module by default
  • 4d3c97d chore: update webpack dev server config
  • 82bce4b chore: update NPM packages, update Webpack configs
  • 16520f3 docs: update changelog
  • 37bbd6c style(log): fix log style.
  • a4b2d35 fix: fix XSS risk
  • 365380a fix(log): Fix XSS risk.
  • bb89dcd Fix(General): Fix invalid click caused by wrong `selection`.
  • 1abd66a chore(log): rename `preLog` to `previousLog`.
  • a18c3b4 fix(log): Delete `cachedLogs` when reached `maxLogNumber` limit.
  • 768fec6 Merge branch 'master' into dev
  • 77b659b v3.5.1 (#394)
  • b263ae4 feat: v3.5.1
  • bf47312 chore: npm audit
  • 95b4338 fix: babel-loader work incorrectly with .babelrc (#392)
  • 80f9bac fixed: change variable type (#388)
  • 887f7f5 Merge branch 'master' into dev
  • a3fd1b7 v3.5.0 (#382)
  • 30e1d23 docs: add new plugin
  • cd9513c docs: update changelog

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot