[Snyk] Security upgrade lighthouse from 3.0.0-beta.0 to 3.0.0 #22

Open
wants to merge 1 commit into
base: master
Owner

@artdaw artdaw commented Feb 22, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| high severity | 753/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2 | Command Injection, SNYK-JS-LODASH-1040724 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lighthouse

The new version differs by 61 commits.
  • d6aa441 3.0.0 (#5583)
  • 4542ab6 extension: expose devtools hooks reliably (#5579)
  • db2265d core: convert requestIds before sending to backend (#5580)
  • 3474c39 core(pwa): revamp and move short_name_length audit (#4860)
  • 341f0a8 core: remove dependency on DevtoolsTimelineModel (#5533)
  • 6e82902 core: remove WebInspector.resourceTypes references (#5556)
  • 23d635f docs(audit): add jsdoc descriptions to the audit meta properties (#5567)
  • 2815824 misc: update codeowners file (#5564)
  • cee9d55 core: [minor] migrate remaining .description -> .title
  • 9c5b76c core(tsc): make CPUNode and NetworkNode a discriminated union (#5548)
  • cf2e13a tests(smoke): remove console.timeline() call (#5560)
  • 9def0a6 move metrics into dedicated metrics/ folder
  • 38831b7 core(driver): [minor] fix spelling of evaluate (#5553)
  • 114ebf5 needs NPM as well as Node installed
  • fe0e8c1 core(trace-of-tab): remove DevTools stableSort dependency (#5532)
  • 6285e1e core(audit): align meta properties with LHR (#5540)
  • b99d517 core(network-requests): handle negative endTime (#5530)
  • 176bdb4 misc(golden-lhr): exclude audit descriptions (#5538)
  • 15ee001 docs(scoring): update metric explanations (#5528)
  • 6bf2f45 core(tsc): use Config class to define Config type (#5525)
  • 3f8b498 core: remove dependency on devtools-frontend NetworkRequest (#5451)
  • c6664f5 tests: fix golden LHR (#5529)
  • 22a606f Merge pull request #5524 from GoogleChrome/docs
  • c7304a7 add links to lighthouse docs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
