Skip to content

[Snyk] Security upgrade dagre from 0.7.4 to 0.8.1 #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snyk-bot wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade dagre from 0.7.4 to 0.8.1 #6

snyk-bot wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Jul 10, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-LODASH-567746		 No Proof of Concept
Commit messages
Package name: dagre The new version differs by 24 commits.
  • 45c7ef4 Prep v0.8.1 release
  • 43ef07d Switch dagre back to a top level npm package
  • 4d0c2cf Fix up require for graphlib in bench script
  • 587d725 Bump version and set as pre-release
  • a299bf8 Prep for dagre v0.8.0 release
  • 980b6e2 Add Matthew Dahl to contributors
  • 12a0754 Complete support for lodash 4
  • 7e2528e Fix up more lodash 4 API changes
  • 590b155 More fixes for lodash 4 API changes
  • 1687a28 More fixes for lodash 4 API changes
  • d284539 Fix bugs with lodash 4
  • 38e1fdf Initial work to move to lodash 4
  • 5c5f6eb Merge pull request #224 from dagrejs/update_repo_badge_svg
  • 7d700c4 Merge pull request #169 from saravanak/clean_gitignore
  • c367859 Merge pull request #197 from jawshooah/trailing-comma
  • b2bcbaa Update repo badge to SVG
  • f5e622c Remove deprecation warning
  • 8bddb46 Bump version and set as pre-release
  • 7b8dc3c Prep v0.7.5 release
  • 67534ad Prep for move to @dagrejs org
  • e66c29b Update README.md
  • 23cdaaa Remove trailing comma
  • 3d48b63 Bump version and set as pre-release
  • fe716d2 Fix gitignore to work correctly with the silver searcher

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
2f1ada9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot