Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade nunjucks from 2.5.2 to 3.2.4 #833

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

saralaw1212
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 698/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.1
Cross-site Scripting (XSS)
SNYK-JS-NUNJUCKS-5431309
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nunjucks The new version differs by 250 commits.
  • 86a77f4 Release v3.2.4
  • ec16d21 fix: html encode backslashes if used with escape filter or autoescape (#1437)
  • fd50090 Release v3.2.3
  • d34fdbf Temporarily comment out codecov action
  • cefad41 Replace README.md travis badge with github actions
  • 7601ff4 Fixup github actions workflow file
  • de9dc67 Add GitHub Workflow for tests. fixes #1333
  • aa9e5b9 Fix prototype pollution security issue. fixes #1331
  • f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (#1329)
  • f91f1c3 Fix `groupby` example formatting
  • 7ef121c Add base and default args to int filter
  • 0c02062 Use attribute getter for `sort` filter
  • c7337e7 Release v3.2.2
  • bea3a43 CHANGELOG: Fix issue link
  • 8186d4f Don't append extra newline when using |indent filter
  • 73a4eb3 Document `with context` behavior for `import` directive (fr)
  • eea081c Document `with context` behavior for `import` directive
  • bbcbaf3 Fix issue where sync render would not raise errors in included templates
  • 63c4baf Remove development files from NPM package. Fixes #984
  • 85918ef Document `if` statement with multiple conditions (fr). refs #1284
  • 7ddd747 Document `if` statement with multiple conditions
  • 1e29863 Add support for nested attributes in `groupBy` filter. Fixes #1198
  • 7087fa9 Fix precompile bin TypeError: name.replace is not a function
  • 1736334 Modify CHANGELOG message for select/reject filters

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NUNJUCKS-5431309
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants