Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade lighthouse from 6.4.1 to 7.5.0 #934

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade lighthouse from 6.4.1 to 7.5.0 #934

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 XML External Entity (XXE) Injection
SNYK-JS-XMLDOM-1084960		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lighthouse The new version differs by 250 commits.
  • 8ff570d v7.5.0 (#12500)
  • 5bf653d core(script-treemap-data): default config (#12494)
  • 76e2189 misc(treemap): esc to zoom out (#12498)
  • 78d65c8 misc(treemap): remove too similar color hues (#12497)
  • de6cbd0 misc(treemap): shade background for unused bytes (#12486)
  • fe4cced misc(treemap): update colors on enter keypress (#12496)
  • d455ac3 i18n: import new strings (#12492)
  • 187809d misc(treemap): set focus-visible styles for view mode buttons (#12495)
  • 184c92c core(fr): convert optimized-images gatherer (#12491)
  • 1624e30 misc(treemap): tweak styles for mobile (#12493)
  • 0ba2abd misc(treemap): highlight treemap node on mouse hover table row (#12483)
  • 45f8d01 report: metric filter refactor to JS and adornments (#12477)
  • 878af3c tests: update chromium installable source path (#12364)
  • 15dad39 report: map metrics to audits (#11732)
  • c12959f misc(treemap): upgrade to 3.2.0 for keyboard navigation (#12488)
  • ae117a7 misc(treemap): use 0.1 for default granularity (#12485)
  • 10e6300 core(fr): convert image-elements gatherer (#12474)
  • bc951c1 core(fr): extract warnings from gather-runner (#12469)
  • c2e0e0b tests(i18n): only accept IcuMessages in toBeDisplayString (#12487)
  • 6c52e2d misc(treemap): remove byte size from title (#12484)
  • 4d4f31e misc(treemap): add GA snippet for new property (#12481)
  • d236a70 misc: move predictive-perf off renderer i18n (#12482)
  • 3247457 misc(treemap): i18n (#12441)
  • cc00e65 core: add new CLS (all frames) to hidden metrics audit (#12476)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot