Skip to content
This repository has been archived by the owner on Dec 27, 2022. It is now read-only.

[Snyk] Fix for 1 vulnerabilities #111

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #111

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • dmriprepViewer/package.json
    • dmriprepViewer/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-LODASH-567746		 No Proof of Concept
Commit messages
Package name: bootstrap-vue The new version differs by 250 commits.
  • e42ef07 Merge pull request #3862 from bootstrap-vue/dev
  • 5930f04 chore: bump version and update changelog (#4017)
  • 72ceef8 chore: coverage fixes for babel dep upgrades (#4034)
  • efe84a1 Revert "chore(deps): update devdependency @nuxtjs/pwa to ^3.0.0-beta.17 (#4026)" (#4031)
  • 4b8a8c7 fix(docs): hading before margin (#4029)
  • cbeeef9 feat(b-table, b-table-lite): add new scoped slot `custom-foot` to allow user to create their own table footer (closes #3960) (#4027)
  • 81efb89 fix(b-dropdown-*): ensure class bindings are placed on root element for all dropdown sub-components (closes #4022) (#4024)
  • c7cb16f fix(b-table, b-table-lite): use `:key` for row details based on the primary key value if available (#4025)
  • 2012d07 chore(deps): update devdependency @nuxtjs/pwa to ^3.0.0-beta.17 (#4026)
  • 6aa16b8 chore(deps): update devdependency eslint-plugin-jest to ^22.17.0 (#4023)
  • 64735a3 chore: tooltip/popover directives execute title/content if function before each show (#4020)
  • 10ff04a chore(deps): update devdependency eslint-plugin-node to v10 (#4019)
  • acb34e7 chore(docs): minor adjustments to the table docs (#4016)
  • 78c604c perf(b-table): cache cell slot names each render cycle (addresses #4008) (#4011)
  • 5855330 docs(router-links): add more details to `active-class` and `exact-active-class` props (closes #4012) (#4013)
  • 113b802 chore(docs): better ARIA compliant `b-nav` + `b-card` examples (#4006)
  • 332b79f fix(modal): fix scroll to top issue when modal has `no-fade` set (#4004)
  • 3aa78fd chore(deps): update devdependency eslint-config-prettier to ^6.2.0 (#4005)
  • dfabe51 docs(b-nav): add example markup for using vue-router/nuxt-child (closes #3999) (#4000)
  • 464d257 feat(dropdown): add `role=presentation` to `<li>` elements for improved a11y (#3996)
  • 484f012 chore(deps): update devdependency cross-env to ^5.2.1 (#3995)
  • e05cc0d chore(pagination): change `role="none presentation"` to `role="presentation"` (closes #2921) (#3993)
  • f6f73c7 feat(b-table, b-table-lite): use `aria-details` rather than `aria-describedby` when details row showing (addresses #3801) (#3992)
  • 444d8b0 chore(docs): remove duplicate IDs from dropdown examples (#3991)

See the full diff

Package name: snyk The new version differs by 33 commits.
  • 84f53bd Merge pull request #649 from snyk/fix/update-lodash
  • 8ebdc1a fix: update mvn and php plugins to get rid of vuln lodash
  • c9281cb fix: update vulnerable lodash
  • 1321ec5 Merge pull request #645 from snyk/fix/python-docker-images
  • b2f7176 fix: Use pip instead of pip3 in both images
  • ca6958b fix: Upgrade Python3 to 3.7 instead of 3.5
  • 0466101 Merge pull request #644 from snyk/docs/badge-example
  • 10c42f2 docs: update vuln badge in readme example
  • f2c2f7b Merge pull request #641 from snyk/docs/vuln-badge
  • fcb39c8 docs: vulns badge in readme tests the repo
  • 3b91eca Merge pull request #640 from snyk/fix/docker-analytics
  • 8dfee30 fix: isDocker is a boolean flag in analytics
  • a638c7b Merge pull request #638 from snyk/fix/reinstate-windows-cli-tests
  • 23fb199 test: re-enable windows tests
  • 84e1cd8 Merge pull request #635 from snyk/fix/wizard-help-txt
  • efc7923 Merge pull request #636 from snyk/fix/reinstate-missing-tests
  • c28d85e fix: reinstate missing tests
  • 3aa9d20 fix: wizard help text
  • 9551bdb Merge pull request #629 from snyk/test/convert-node-modules-test-to-ts
  • a2fd95e Merge pull request #620 from snyk/feat/add-test-errors
  • a2d63b0 Merge pull request #632 from snyk/feat/update-sbt-plugin
  • 7501b74 feat: update sbt plugin
  • 77a80fc Merge pull request #626 from snyk/feat/autodetect-gomodules
  • d1d6f93 chore: convert test to ts

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: dmriprepViewer/package.json & dmriprepViewer/package-lock.json t…
17783f5 
…o reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot