[Snyk] Security upgrade lighthouse from 6.4.1 to 8.1.0 #11

Open: wants to merge 2 commits into base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/cli/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-WS-1296835 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lighthouse
The new version differs by 250 commits.
  • 579e3cb v8.1.0 (#12784)
  • 22c4092 misc: run build-report for vercel deployment and lhci (#12782)
  • dec54e3 i18n: import (#12783)
  • 8c17786 tests(devtools): fix after renaming standalone-template.html (#12765)
  • 2bd13d6 tests: don't double count server network requests on retry (#12779)
  • c284253 core(fr): limit scope of audits to applicable modes (#12764)
  • f41ca8d scripts(i18n): support es modules in collect-strings (#12741)
  • 000da66 core(canonical): proper explanation for url misuse (#12676)
  • 08425f0 core(fr): split timespan support for server-response-time (#12758)
  • a1362ef core: reference chromium main instead of master (#12757)
  • 25cc9b6 core: fallback to selector, not tagName for nodeLabel (#12727)
  • 175619a core(trace): include additional perf categories (#12692)
  • 4a750a5 misc: fix common "typos" (#12742)
  • 776fc93 i18n: allow strings with duplicate message and descriptions (#12723)
  • a66ae4e new_audit(fr): uses-responsive-images-snapshot (#12714)
  • 8bb2f21 misc: get LH_ROOT via new file root.js (#12724)
  • b877878 misc(build): add build step for report (#12707)
  • 557c527 core(modern-images): update to include AVIF estimates (#12682)
  • d8d1d39 misc(scripts): improve collision check in collect-strings (#12697)
  • dbdc6a7 misc: npmignore larger unnecessary files (#12627)
  • 97caff5 tests: add explicit small-icu detection for i18n (#12696)
  • 0af83bf deps: bump axe-core to 4.2.3 (#12706)
  • a5be72c core(fr): enable traces artifact in timespan mode (#12695)
  • dddeb0d report: move renderer code to report/ (#12690)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

