Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @madie/madie-design-system from 1.0.45 to 1.2.0 #119

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade @madie/madie-design-system from 1.0.45 to 1.2.0 #119

wants to merge 1 commit into from

Conversation

sb-cecilialiu
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1		 Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @madie/madie-design-system The new version differs by 85 commits.
  • 45c0fb1 Merge pull request #200 from MeasureAuthoringTool/draftPRForUpdatingDependencies
  • bd99e57 MAT-6418 updated package version
  • bc6a377 MAT-6418 fix vulnerabilities
  • c7f8a64 Merge pull request #197 from MeasureAuthoringTool/MAT-6311/fixDateBug
  • 16440f4 merged develop and increased the version
  • abbb32f Merge branch 'main' into MAT-6311/fixDateBug
  • 3fcefe9 removed the issue causing line
  • 77d3975 Merge pull request #196 from MeasureAuthoringTool/MAT-6311/fixDateBug
  • 3e4493b fixed audit issues
  • 577aeed fixing date bug
  • a7683fc Merge pull request #193 from MeasureAuthoringTool/MAT-5168-fix
  • 876236d revert packag
  • 95b11dd run install
  • d283470 fix package
  • e21c847 update to use utc from adapter
  • 7ccc519 Merge pull request #192 from MeasureAuthoringTool/MAT-6185
  • 264bb21 bump package version
  • e6c4e3f Merge pull request #191 from MeasureAuthoringTool/MAT-6185
  • 43f1204 fix input label
  • 568d655 update dateTimeField component to use utc adapter.
  • 1e0d307 Merge pull request #190 from MeasureAuthoringTool/Update-TimeField-Component
  • 614d62d Updating Time Field Component to accept additional props, and enabled TimePicker
  • cba8be3 Merge pull request #189 from MeasureAuthoringTool/decouple
  • e4d0661 Exported TimeField component

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

@sb-cecilialiu sb-cecilialiu requested a review from a team as a code owner November 10, 2023 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sb-cecilialiu @snyk-bot