Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade jimp from 0.6.4 to 0.16.0 #82

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade jimp from 0.6.4 to 0.16.0 #82

wants to merge 1 commit into from

Conversation

pjmolina
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-FILETYPE-2958042		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jimp The new version differs by 119 commits.
  • 6b01322 Bump version to: v0.16.0 [skip ci]
  • 15420e3 Update CHANGELOG.md [skip ci]
  • e67d683 added ability to ignore sides on autocrop (#924)
  • 5e34fdf Bump version to: v0.15.0 [skip ci]
  • 25d498a Update CHANGELOG.md [skip ci]
  • f323d96 Remove 'browser' field from main jimp package's package.json. (#918)
  • 7770813 Bump version to: v0.14.0 [skip ci]
  • 731e87d Update CHANGELOG.md [skip ci]
  • 37cc5c6 include Addition (Add) blending mode + Officially drop support for Node 8 (#904)
  • a29b668 Bump version to: v0.13.0 [skip ci]
  • c9aab5a Update CHANGELOG.md [skip ci]
  • fcc5b23 Add single frame encoder for type-gif (#899)
  • 612cef4 Fix one file testing instructions (#898)
  • 942e635 Bump version to: v0.12.1 [skip ci]
  • f0988f7 Update CHANGELOG.md [skip ci]
  • eacdec8 update jpeg-js (#892)
  • 2b3413a Bump version to: v0.12.0 [skip ci]
  • 0bd02d5 Update CHANGELOG.md [skip ci]
  • 651de24 Fix package.json
  • a2b44a1 Add readme description
  • 697f2a6 Remove compiling polyfills into published code (#891)
  • ec736c9 Bump version to: v0.11.0 [skip ci]
  • a52b096 Update CHANGELOG.md [skip ci]
  • 2f99663 Make callback optional for Jimp.rgbaToInt (#889)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pjmolina @snyk-bot