Skip to content
This repository was archived by the owner on May 7, 2021. It is now read-only.

[Snyk] Security upgrade nunjucks from 3.2.1 to 3.2.3#556

Open
maxneuvians wants to merge 1 commit intomasterfrom
snyk-fix-0a693114801ddfd9847ba9c3e868b42a
Open

[Snyk] Security upgrade nunjucks from 3.2.1 to 3.2.3#556
maxneuvians wants to merge 1 commit intomasterfrom
snyk-fix-0a693114801ddfd9847ba9c3e868b42a

Conversation

@maxneuvians
Copy link
Copy Markdown
Contributor

@maxneuvians maxneuvians commented Feb 26, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-NUNJUCKS-1079083		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nunjucks The new version differs by 27 commits.
  • fd50090 Release v3.2.3
  • d34fdbf Temporarily comment out codecov action
  • cefad41 Replace README.md travis badge with github actions
  • 7601ff4 Fixup github actions workflow file
  • de9dc67 Add GitHub Workflow for tests. fixes #1333
  • aa9e5b9 Fix prototype pollution security issue. fixes #1331
  • f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (#1329)
  • f91f1c3 Fix `groupby` example formatting
  • 7ef121c Add base and default args to int filter
  • 0c02062 Use attribute getter for `sort` filter
  • c7337e7 Release v3.2.2
  • bea3a43 CHANGELOG: Fix issue link
  • 8186d4f Don't append extra newline when using |indent filter
  • 73a4eb3 Document `with context` behavior for `import` directive (fr)
  • eea081c Document `with context` behavior for `import` directive
  • bbcbaf3 Fix issue where sync render would not raise errors in included templates
  • 63c4baf Remove development files from NPM package. Fixes #984
  • 85918ef Document `if` statement with multiple conditions (fr). refs #1284
  • 7ddd747 Document `if` statement with multiple conditions
  • 1e29863 Add support for nested attributes in `groupBy` filter. Fixes #1198
  • 7087fa9 Fix precompile bin TypeError: name.replace is not a function
  • 1736334 Modify CHANGELOG message for select/reject filters
  • 62565a1 Add `reject` filter
  • 647fc11 Change version query

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@dsamojlenko dsamojlenko temporarily deployed to c19-benefits-snyk-fix-0-kawagz February 26, 2021 03:12 Inactive
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@maxneuvians @dsamojlenko @snyk-bot