Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade workbox-build from 4.3.1 to 6.0.0 #11

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade workbox-build from 4.3.1 to 6.0.0 #11

wants to merge 1 commit into from

Conversation

SNYKabbott
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/gasket-plugin-workbox/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASHTEMPLATE-1088054		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: workbox-build The new version differs by 250 commits.
  • 9cbed27 v6.0.0
  • e2bae90 Misc. webpack changes (#2683)
  • f2ef912 Re-enable yarn test
  • 1567f16 rc.0
  • 43c375f v6.0.0-rc.0
  • 5692d74 Update the stage at which the webpack plugin runs (#2675)
  • 666f7e4 Make use of AssetInfo in webpack build (#2673)
  • 06e51db Feature/workbox recipes (#2664)
  • 57ad215 Add declare to WorkboxPlugin interface (#2657)
  • c2eddf4 Mark BackgroundSyncPlugin options param as optional (#2656)
  • df93286 Don't update data: sourcemaps (#2654)
  • ed69eca Updates for html-webpack-plugin and webpack v5 (#2651)
  • bf8c949 networkTimeoutSeconds in NetworkOnly (#2620)
  • d62c185 Version bumps
  • f78cfb8 Remove importScriptsViaChunks JSDoc (#2650)
  • 00ba074 v6.0.0-alpha.3
  • 4669bdc Task needs to be async
  • cbb18c8 webpack v5 compatibility (#2641)
  • ff9d868 Adjust PrecacheEntry type to allow null revisions (#2645)
  • ae29e17 Warn when an async matchCallback is used (#2591)
  • a6751b9 Precaching updates for v6 (#2639)
  • bb21e82 Add gulp build to hint (#2629)
  • f993ab4 Add missing spaces in multiline logs (#2627)
  • 6d38919 Allow cacheKeyWillBeUsed to influence the request method check (#2616)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SNYKabbott @snyk-bot