Skip to content

[Snyk] Fix for 8 vulnerabilities#130

Open
jhamot wants to merge 1 commit intomasterfrom
snyk-fix-197e602e106eb1097dc63a00cb06840e
Open

[Snyk] Fix for 8 vulnerabilities#130
jhamot wants to merge 1 commit intomasterfrom
snyk-fix-197e602e106eb1097dc63a00cb06840e

Conversation

@jhamot
Copy link
Owner

@jhamot jhamot commented Jan 26, 2026

snyk-top-banner

Snyk has created this PR to fix 8 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • script/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Code Injection
SNYK-JS-LODASH-1040724		   398  
high severity Prototype Pollution
SNYK-JS-LODASH-567746		   317  
high severity Prototype Pollution
SNYK-JS-LODASH-6139239		   267  
high severity Prototype Pollution
SNYK-JS-LODASH-450202		   254  
high severity Prototype Pollution
SNYK-JS-LODASH-608086		   250  
medium severity Directory Traversal
SNYK-JS-TAR-15032660		   149  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		   104  
medium severity Prototype Pollution
SNYK-JS-LODASH-15053838		   88  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

@jhamot
Copy link
Owner Author

jhamot commented Jan 26, 2026

Merge Risk: High

This upgrade includes a major version bump for npm from v6 to v7, which introduces significant breaking changes. The babel-eslint package is also deprecated.

  • npm @6.14.16 → @7.21.0 (high): Introduces a new lockfile format and now automatically installs peer dependencies, which can alter build outcomes.
  • babel-eslint @10.0.1 → @10.1.0 (low): This package is deprecated and has been replaced by @babel/eslint-parser. [4, 6, 14] While this minor update has no breaking API changes, migration to the new package is recommended.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jhamot @snyk-bot