New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade underscore.string from 3.0.3 to 3.3.5 #4

Open

snyk-bot wants to merge 1 commit into master from snyk-upgrade-6b446d3afbc054077ff368713b3e59c2

snyk-bot commented Feb 23, 2020

Snyk has created this PR to upgrade underscore.string from 3.0.3 to 3.3.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 11 versions ahead of your current version.
The recommended version was released a year ago, on 2018-10-04.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	No Known Exploit

Release notes

Package name: underscore.string

3.3.5 - 2018-10-04
Release 3.3.5
3.3.4 - 2016-02-24
3.3.4
3.3.3 - 2016-02-24
3.3.3
3.3.2 - 2016-02-24
3.3.2
3.3.0 - 2016-02-24
3.3.0
3.2.3 - 2016-01-15
3.2.3
3.2.2 - 2015-09-05
3.2.2
3.2.1 - 2015-09-02
No content.
3.2.0 - 2015-08-25
https://github.com/epeli/underscore.string/blob/master/CHANGELOG.markdown#320
3.1.1 - 2015-06-05
3.1.0 - 2015-06-05
3.0.3 - 2015-02-08

from underscore.string GitHub release notes

Commit messages

Package name: underscore.string

fde7ed6 Add 3.3.5 changelog
f486cd6 Try to fix regexp redos
2f78f0d Version 3.3.4
7d7cdc4 add missing standalone flag
f1c39b4 update workflow for updating the gh-pages
47eef95 Version 3.3.3
1ad43b7 fix script
c296e49 fix script
df3d5b1 fix version in bower/component.json
d29a43e Version 3.3.2
bba4e8f Version + 3.3.1
a4df439 Version + 3.3.1
16a7978 adds scripts to npmignore
a6d40ec Merge pull request #481 from epeli/new-build-chain
7e4efd4 adds new build chain
74f3e96 Merge pull request #489 from cahrens/patch-3
c1a3b89 Add "wrap" to exports.
d2453f4 Add test for exports.
93dffd5 Merge pull request #479 from jtangelder/update-sprintf
026a9f0 Add deprecation util for the sprintf and vsprintf functions
7c03e83 Update sprintf and vsprintf to make use of the sprintf-js package.
b22908f Relese 3.2.3
7aa6fac Merge pull request #476 from epeli/eslint
a281450 adds eslint

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"underscore.string","from":"3.0.3","to":"3.3.5"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/saurabharch/project/26683195-8e20-4178-bb51-012aec98e709?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"26683195-8e20-4178-bb51-012aec98e709","env":"prod","prType":"upgrade","vulns":["npm:underscore.string:20170908"],"issuesToFix":[{"issueId":"npm:underscore.string:20170908","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit"}],"upgrade":["npm:underscore.string:20170908"],"upgradeInfo":{"versionsDiff":11,"publishedDate":"2018-10-04T18:21:31.914Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})


          fix: upgrade underscore.string from 3.0.3 to 3.3.5

fbcc0d9

Snyk has created this PR to upgrade underscore.string from 3.0.3 to 3.3.5.

See this package in NPM:
https://www.npmjs.com/package/underscore.string

See this project in Snyk:
https://app.snyk.io/org/saurabharch/project/26683195-8e20-4178-bb51-012aec98e709?utm_source=github&utm_medium=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment