Skip to content

[Snyk] Security upgrade phantomjs-prebuilt from 2.1.7 to 2.1.16#3

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-95d047aebf6f476512311cbe3108e2d8
Open

[Snyk] Security upgrade phantomjs-prebuilt from 2.1.7 to 2.1.16#3
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-95d047aebf6f476512311cbe3108e2d8

Conversation

@snyk-bot
Copy link
Copy Markdown

@snyk-bot snyk-bot commented Jun 30, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 584/1000
Why? Has a fix available, CVSS 7.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: phantomjs-prebuilt The new version differs by 56 commits.
  • 0cc1407 Merge pull request #746 from avindra/patch-1
  • 2c46265 Dependencies: change tilde to caret
  • a98231b Merge pull request #733 from avindra/patch-1
  • 19c6d4c Bump package.json version
  • 65b57f7 Merge pull request #732 from Ilshidur/patch-1
  • cc52482 Dependencies update : fix security issues
  • 750d5f3 Merge pull request #653 from Medium/nicks/bump
  • 379d3ae Upgrade some deps
  • df5e2ea Merge pull request #652 from nanaya/master
  • 1d2898e Don't download osx binary on freebsd/openbsd
  • e0d2e61 Merge pull request #627 from Medium/nicks/bump
  • d652351 Update version
  • ac0da0b Merge pull request #625 from marcbachmann/patch-1
  • 1cf3ef3 Upgrade to es6-promise@4.0.3
  • 3d44598 Merge pull request #624 from jdalton/readme
  • d8ebc23 Add readme note for CI caching. [ci skip]
  • ae83e7a tweak readme text
  • b612260 Add a section to the FAQ on unsupported OSes/processors
  • 2dead42 Merge pull request #603 from Medium/nicks/bundling
  • 076b959 remove bundledDependencies.
  • b9555f1 Merge pull request #601 from carsonip/master
  • fca4006 Add bzip2 to troubleshooting
  • fdb40fe bump version
  • df332c6 Merge pull request #593 from Medium/nicks/error

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
4f65fe5 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot