Skip to content

[Snyk] Security upgrade contentful-import from 8.2.9 to 8.2.19#2089

Closed
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-ed3388a171261581780afe45640e26ec
Closed

[Snyk] Security upgrade contentful-import from 8.2.9 to 8.2.19#2089
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-ed3388a171261581780afe45640e26ec

Conversation

@snyk-bot
Copy link
Copy Markdown
Contributor

@snyk-bot snyk-bot commented Dec 8, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/botonic-plugin-contentful/package.json
    • packages/botonic-plugin-contentful/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: contentful-import The new version differs by 20 commits.
  • 42445df fix(chore): remove unused dependencies (Chore/pre commit eslint #563)
  • 55ea2bd build(deps): bump contentful-management from 7.42.2 to 7.42.3
  • 2b88713 build(deps-dev): bump eslint-plugin-jest from 25.0.1 to 25.0.5
  • 8d00ef5 build(deps-dev): bump eslint-plugin-jest from 24.5.2 to 25.0.1
  • 031d406 build(deps-dev): bump babel-jest from 27.2.4 to 27.2.5
  • 0bf3f44 build(deps): bump contentful-management from 7.42.1 to 7.42.2
  • 3d31e95 build(deps): bump contentful-management from 7.42.0 to 7.42.1
  • 7a7cb31 build(deps): bump contentful-management from 7.41.1 to 7.42.0
  • 971a002 build(deps): bump contentful-management from 7.41.0 to 7.41.1
  • 48e881f build(deps-dev): bump eslint-plugin-jest from 24.5.0 to 24.5.2
  • effc7e9 build(deps-dev): bump babel-jest from 27.2.3 to 27.2.4
  • 961ec11 Merge pull request chore(deps): bump aws-sdk from 2.616.0 to 2.618.0 #550 from contentful/dependabot/npm_and_yarn/eslint-plugin-jest-24.5.0
  • 6197ebc build(deps-dev): bump eslint-plugin-jest from 24.4.3 to 24.5.0
  • 3e8f653 build(deps-dev): bump eslint-plugin-jest from 24.4.2 to 24.4.3
  • 6c47ed6 build(deps-dev): bump babel-jest from 27.2.2 to 27.2.3
  • 28121d1 build(deps): bump contentful-management from 7.40.0 to 7.41.0
  • 4354d53 build(deps): bump contentful-management from 7.39.1 to 7.40.0
  • e078e33 build(deps-dev): bump babel-jest from 27.2.1 to 27.2.2
  • de2ddd9 build(deps): bump yargs from 17.2.0 to 17.2.1
  • 6485ef2 build(deps): bump yargs from 17.1.1 to 17.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: packages/botonic-plugin-contentful/package.json & packages/boton…
dc92e6b 
…ic-plugin-contentful/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
@vanbasten17 vanbasten17 deleted the snyk-fix-ed3388a171261581780afe45640e26ec branch December 13, 2021 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot @vanbasten17