Skip to content

[Snyk] Upgrade underscore from 1.9.1 to 1.12.1#3

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-upgrade-01a82902dcf9143530bac5c3f40c1b52
Open

[Snyk] Upgrade underscore from 1.9.1 to 1.12.1#3
snyk-bot wants to merge 1 commit intomasterfrom
snyk-upgrade-01a82902dcf9143530bac5c3f40c1b52

Conversation

@snyk-bot
Copy link
Copy Markdown

@snyk-bot snyk-bot commented Apr 15, 2021

Snyk has created this PR to upgrade underscore from 1.9.1 to 1.12.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-03-15.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 558/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 3.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: underscore
  • 1.12.1 - 2021-03-15

    Security fix in _.template and restored optimization in _.debounce.

  • 1.12.0 - 2020-11-24

    _.get, _.toPath, bugfixes, compatibility, performance and testing.

  • 1.11.0 - 2020-08-28

    Prepare 1.11.0

  • 1.10.2 - 2020-03-30

    Underscore.js 1.10.2

  • 1.10.1 - 2020-03-30

    Underscore.js 1.10.1

  • 1.10.0 - 2020-03-30
  • 1.9.2 - 2020-01-06
  • 1.9.1 - 2018-05-31
from underscore GitHub release notes
Commit messages
Package name: underscore
  • bf5a0ed Merge branch 'template-variable-parameter'
  • 7e3d404 Update annotated sources and minified bundles for 1.12.1
  • 5343fbc Add version 1.12.1 to the documentation
  • 44df929 Bump the version to 1.12.1
  • 7e89b79 Un-document the fix for #2911 for the time being
  • 4c73526 Fix #2911
  • ef646cc Reflect real issue of #2911 in test from #2912
  • a6159ff Fix indentation in the test from #2912
  • 798eafa Update the link to the preview release (bugfix)
  • 07cc415 Convert all RawGit links to Statically
  • db7fb6a Add temporary note about preview release to index.html
  • 548fa01 Merge pull request #2913 from ognjenjevremovic/test/time-tampering-tests
  • 3a5c878 test: Assertion comment updates; `_.throttle` and `_.debounce`.
  • 4d5d198 test: 💍 Time tampering tests for _.throttle and _.deobounce
  • a4cc7c0 Add a test to confirm we are not vulnerable to CVE-2021-23337 (#2911)
  • 745e9b7 Merge pull request #2896 from anderlaw/master
  • af2f919 Correct "Non-numerical values in list will be ignored"
  • c9b4b63 Put back test/vendor/qunit.* static files to fix live website tests
  • 311b04e Merge pull request #2892 from kritollm/master
  • 6568211 Make a comment render more nicely
  • 0b93f06 Fixed a few more details
  • 913bcf2 Resolved changes requested.
  • 769a494 throttle cleanup
  • 03f9781 Reimplementing timer optimization #1269

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot