[Snyk] Upgrade bootstrap-vue from 2.0.0-rc.11 to 2.23.1 #9
Snyk has created this PR to upgrade bootstrap-vue from 2.0.0-rc.11 to 2.23.1.
See this package in npm: bootstrap-vue
See this project in Snyk: https://app.snyk.io/org/okeamah/project/0ab18772-444e-4ffb-9359-976b5cdedfce?utm_source=github&utm_medium=referral&page=upgrade-pr
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps

What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
Snyk has created this PR to upgrade bootstrap-vue from 2.0.0-rc.11 to 2.23.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 60 versions ahead of your current version.
The recommended version was released 2 years ago.
Issues fixed by the recommended upgrade:
SNYK-JS-LODASH-608086
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-LODASH-6139239
SNYK-JS-BOOTSTRAPVUE-73558
SNYK-JS-LODASH-1040724
SNYK-JS-LODASH-450202
SNYK-JS-LODASH-567746
SNYK-JS-MINIMIST-559764
SNYK-JS-NODEFETCH-2342118
SNYK-JS-NODEFETCH-674311
SNYK-JS-BOOTSTRAP-173700
SNYK-JS-LODASH-1018905
SNYK-JS-MINIMIST-2429795
Release notes
Package name: bootstrap-vue
chore(release): v2.23.1
chore(release): v2.23.0
🚀 Features
- b-link
  - exact-path and exact-path-active-class props for router link
- b-form-tags
  - focusin & focusout to wrapper and prevents firing multiple focus / blur events
  - feedback-aria-live prop
- general
  - headerTag and footerTag props to all components with header and footer
- b-dropdown
  - toggle-attrs prop
🐛 Bug Fixes
- general
- b-table
  - aria-sort when using sortKey and no-local-sorting
  - role to grid when selectable and table otherwise
  - role attribute
  - role="grid" when selectable.
  - sr-only sort label
  - sortKey field type and correct a typo
- b-skeleton
- nav-item-dropdown
- b-dropdown
  - aria-haspopup attribute for the toggle button
- utils/dom
  - requestAF to window
- docs
  - https:// urls in docs
- b-form-group
  - role="alert" from valid/invalid feedback
- b-input-tags
  - $input-color
- b-link
  - vue-router pass-down props
- b-img-lazy
  - blank placeholder for Firefox
  - blank-src not working
- b-form-input/b-form-textarea
🏡 Chore
- tests
- b-form-tags
  - b-from-tags to b-form-tags
- icons
- docs
- ci
- refactor
💖 Thanks to
🐛 Bug Fixes
- b-dropdown
  - heading role to header when not a header tag
- b-table
  - responsive and stacked props together
  - aria-describedby when caption really exists
- general
  - userAgent
- b-form-datepicker/b-form-timepicker
- b-sidebar
- b-icon
🏡 Chore
- docs
  - <b-form-select> and <b-form-textarea> docs
  - label-for from <b-form-group>'s with <b-form-file> component
- icons
- general
💖 Thanks to
🐛 Bug Fixes
- b-tabs
- b-badge
- b-pagination
- b-dropdown
🏡 Chore
- docs
  - <b-form-timepicker> "Button only mode" example markup
🚀 Features
- b-form-group
  - content-cols props and scoped default slot
- b-sidebar
  - header slot
- b-form-tags
  - no-tags-remove prop
- refactor
🐛 Bug Fixes
- b-form-datepicker/b-form-timepicker
  - button-only mode
- b-tabs
- b-form-datepicker
  - valueAsDate prop handling
- table
  - defaultSortCompare
🏡 Chore
- icons
- refactor
- docs
  - highlight.js to v10
💖 Thanks to
🐛 Bug Fixes
- general
- table
  - defaultSortCompare
🚀 Features
- b-form-tags
  - reset method
🐛 Bug Fixes
- b-table
  - tabindex="0" for sortable TH's
- b-form-tags
- b-form-spinbutton
- general
- b-form-input
🏡 Chore
- refactor
- docs
- icons
  - option
💖 Thanks to
🚀 Features
- config
- b-media
- icons
🐛 Bug Fixes
- b-dropdown
- b-form-group
  - label-for prop not set
- b-form-checkbox/b-form-radio
  - change event timing
- b-avatar
  - z-index handling
🏡 Chore
- docs
  - pageOptions setting example
- general
  - SECURITY.md
  - node-sass to sass (Dart Sass)
- ci
💖 Thanks to
🐛 Bug Fixes
- b-icon
- b-link
  - href handling with live router
- b-form-group
🏡 Chore
- docs
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: