[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.1 #8

snyk-bot · 2021-04-09T21:50:26Z

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 67 versions ahead of your current version.
The recommended version was released a month ago, on 2021-03-12.

Release notes

Package name: uglify-js

from uglify-js GitHub release notes

Commit messages

Package name: uglify-js

24b73a9 v3.13.1
862b1b7 fix corner cases in `merge_vars` & with `exports` (bootstrap 5 cool jquery/jquery#4762)
b4944a3 fix corner case in `merge_vars` (Widget this members are lost jquery/jquery#4760)
58362d5 build Math.js for verification testing (change wording jquery/jquery#4758)
01fa430 fix corner case in `unused` (Core: Bring back QtWebKit support for jQuery 3.x jquery/jquery#4757)
f4ee0f6 fix corner case in `unsafe` (Keyboard event.which incorrectly deprecated or documentation out of date? jquery/jquery#4755)
077512d fix corner case in `inline` (Ajax: Drop the json to jsonp auto-promotion logic jquery/jquery#4754)
e4848a7 speed up `ufuzz` asynchronous testing ([Feature request] Make it simple for the "resize" functionality in jquery-ui to not go below a minimum width/height of the parent div, and document it. jquery/jquery#4750)
f52b0e7 fix corner case in `side_effects` (Build: Use the US spelling of "favor" jquery/jquery#4752)
31e7d25 fix issues uncovered by lgtm (Trigger event on load jquery/jquery#4749)
12babdf build external projects for verification testing (.outerWidth() and .outerHeight() don't work with <a> elements in <svg> jquery/jquery#4741)
397e48b fix corner case in `collapse_vars` & `reduce_vars` (Error in jQuery.extend = jQuery.fn.extend (jquery/scr/core.js line116) jquery/jquery#4748)
c7520b4 support `new.target` (Can not load https resource for jquery CDN jquery/jquery#4746)
ad903e9 fix corner cases with `export` ([New feature] Calling the method in a new way jQuery('.button2').click.call(jQuery('.button1')); jquery/jquery#4743)
83c3838 fix corner case in `awaits` (.selector property alternative in V3 jquery/jquery#4740)
fa09f87 fix corner case in `hoist_vars` (Resolve JQMigrate Warning when using .fadeTo jquery/jquery#4739)
2db1a14 speed up `compress` tests (Build: Fix commitplease husky config jquery/jquery#4737)
dd30ed6 enhance `collapse_vars` (The commitplease hook is not working jquery/jquery#4735)
cb50a2d fix corner case in `collapse_vars` (Bug/jquery version jquery/jquery#4733)
20be520 fix corner cases in `ie8` & `side_effects` ([Duplicate] Have Trusted Types API built directly into the jQuery Core Files jquery/jquery#4731)
2a49760 enhance `side_effects` (DOMEval creating a CSP violation jquery/jquery#4727)
04ed818 improve `ufuzz` test generation (Manipulation: Avoid concatenating strings in buildFragment jquery/jquery#4724)
10ca578 fix corner case in `inline` (code.jquery.com provides an expired cert (COMODO RSA Certification Authority) jquery/jquery#4726)
955411e fix corner cases with `class` ([] jquery/jquery#4723)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.1. See this package in npm: https://www.npmjs.com/package/uglify-js See this project in Snyk: https://app.snyk.io/org/kadirselcuk/project/28ac5072-f66b-4183-bbda-99b4324cbf96?utm_source=github&utm_medium=upgrade-pr

mistaken-pull-closer · 2021-04-09T21:50:33Z

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

pull-dog · 2021-04-09T21:50:36Z

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

@pull-dog up to reprovision or provision the server.
@pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
98da7ef0-997d-11eb-9889-8266927214d7

guardrails · 2021-04-09T21:51:15Z

⚠️ We detected 118 security issues in this pull request:
Mode: paranoid | Total findings: 118 | Considered vulnerability: 0

Hard-Coded Secrets (2)

jquery/test/unit/event.js

Line 1182 in b320e49

$child.trigger( { "type": "foo", "secret": "boo!" } );

jquery/test/unit/selector.js

Line 2115 in b320e49

assert.equal( jQuery.escapeSelector( "a0123456789b" ), "a0123456789b",

More info on how to fix Hard-Coded Secrets in General.

Insecure File Management (41)

jquery/Gruntfile.js

Line 9 in b320e49

fs.readFileSync( filepath, { encoding: "utf8" } )

jquery/build/release.js

Line 25 in b320e49

var contents = fs.readFileSync( filepath, "utf8" );

jquery/build/release.js

Line 27 in b320e49

fs.writeFileSync( filepath, contents, "utf8" );

jquery/build/release/cdn.js

Line 46 in b320e49

text = fs.readFileSync( builtFile, "utf8" )

jquery/build/release/cdn.js

Line 51 in b320e49

fs.writeFileSync( releaseFile, text );

jquery/build/release/cdn.js

Line 74 in b320e49

output = fs.createWriteStream(

jquery/build/release/cdn.js

Line 93 in b320e49

fs.writeFileSync( md5file, sum );

jquery/build/release/cdn.js

Line 97 in b320e49

archiver.append( fs.createReadStream( file ),

jquery/build/release/dist.js

Line 8 in b320e49

const pkg = require( `${ Release.dir.repo }/package.json` );

jquery/build/release/dist.js

Line 73 in b320e49

const readme = await fs.readFile(

jquery/build/release/dist.js

Line 106 in b320e49

await fs.writeFile( `${ Release.dir.dist }/bower.json`, generateBower() );

jquery/build/release/dist.js

Line 108 in b320e49

await fs.writeFile( `${ Release.dir.dist }/README.md`,

jquery/build/tasks/build.js

Line 102 in b320e49

fs.readdirSync( `${ srcFolder }/${ prepend }${ module }` ),

jquery/build/tasks/build.js

Line 154 in b320e49

fs.readdirSync( `${ srcFolder }/${ module }` ),

jquery/build/tasks/dist.js

Line 33 in b320e49

text = fs.readFileSync( filename, "utf8" );

jquery/build/tasks/node_smoke_tests.js

Line 15 in b320e49

fs.readdirSync( testsDir )

jquery/build/tasks/node_smoke_tests.js

Line 17 in b320e49

fs.statSync( testsDir + testFilePath ).isFile() &&

jquery/build/tasks/qunit_fixture.js

Line 8 in b320e49

fs.writeFileSync(

jquery/build/tasks/sourcemap.js

Line 13 in b320e49

var text = fs.readFileSync( minLoc, "utf8" )

jquery/build/tasks/sourcemap.js

Line 15 in b320e49

fs.writeFileSync( minLoc, text );

jquery/src/ajax/xhr.js

Line 24 in b320e49

xhr.open(

jquery/test/data/jquery-1.9.1.js

Line 8753 in b320e49

xhr.open( s.type, s.url, s.async, s.username, s.password );

jquery/test/data/jquery-1.9.1.js

Line 8755 in b320e49

xhr.open( s.type, s.url, s.async );

jquery/test/data/testinit.js

Line 329 in b320e49

require( [ parentUrl + "test/data/testrunner.js" ], function() {

jquery/test/data/testinit.js

Line 366 in b320e49

require( [ parentUrl + "test/" + dep ], loadDep );

jquery/test/data/testinit.js

Line 389 in b320e49

    
           require( [ "http://swarm.jquery.org/js/inject.js?" + ( new Date() ).getTime() ],

jquery/test/jquery.js

Line 89 in b320e49

require( [ src ], loadTests );

jquery/test/jquery.js

Line 91 in b320e49

require( [ src ] );

jquery/test/middleware-mockserver.js

Line 134 in b320e49

var body = fs.readFileSync( __dirname + "/data/with_fries.xml" ).toString();

jquery/test/middleware-mockserver.js

Line 214 in b320e49

var body = fs.readFileSync( __dirname + "/data/test.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 223 in b320e49

var body = fs.readFileSync( __dirname + "/data/csp.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 232 in b320e49

var body = fs.readFileSync(

jquery/test/middleware-mockserver.js

Line 241 in b320e49

var body = fs.readFileSync(

[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.1 #8

[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.1 #8

Conversation

snyk-bot commented Apr 9, 2021

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.1.

mistaken-pull-closer bot commented Apr 9, 2021

pull-dog bot commented Apr 9, 2021

guardrails bot commented Apr 9, 2021