[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.2 #16

snyk-bot · 2021-04-11T21:52:35Z

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 68 versions ahead of your current version.
The recommended version was released 21 days ago, on 2021-03-21.

Release notes

Package name: uglify-js

3.13.2 - 2021-03-21
Features
- support exponentiation assignment operator (01aa078)
- flexible handling of __PURE__ through new annotations option (3b5d501)
- retain class names via keep_fnames (997d09b)
- better formatting of comments under beautify (7d595e2)
- import/export { foo as foo }; ➡️ import/export { foo }; (2411132)
- var f = async function*() { ... }; ➡️ async function* f() { ... } (b244b4e)
Bug Fixes
- arguments object (9faee3b)
- arrow function (e124ef5)
- async function (c36c3cb)
- BigInt literal (3016a78)
- comma operator (24619da)
- delete operator (48c46fa, 2508481)
- export statement (6f3ab09, b872ffe)
- generator function (73e6b25, 7da49b5)
- iteration statement (e821787)
- logical operator (b89cc84)
- new.target (352a944, 2508481)
- numeric literal (aa6e33e)
- spread syntax (2619bff, 149d75c, d837a46)
- super keyword (77c9116)
- template literal (176581d)
- Unicode escape sequence (9fc0ff5)
- var statement (9a95430)
3.13.1 - 2021-03-12
3.13.0 - 2021-03-01
3.12.8 - 2021-02-13
3.12.7 - 2021-02-06
3.12.6 - 2021-01-31
3.12.5 - 2021-01-19
3.12.4 - 2021-01-01
3.12.3 - 2020-12-22
3.12.2 - 2020-12-16
3.12.1 - 2020-11-30
3.12.0 - 2020-11-22
3.11.6 - 2020-11-14
3.11.5 - 2020-11-03
3.11.4 - 2020-10-26
3.11.3 - 2020-10-19
3.11.2 - 2020-10-11
3.11.1 - 2020-10-04
3.11.0 - 2020-09-27
3.10.4 - 2020-09-06
3.10.3 - 2020-08-30
3.10.2 - 2020-08-23
3.10.1 - 2020-08-02
3.10.0 - 2020-06-21
3.9.4 - 2020-05-27
3.9.3 - 2020-05-13
3.9.2 - 2020-05-03
3.9.1 - 2020-04-15
3.9.0 - 2020-04-13
3.8.1 - 2020-03-28
3.8.0 - 2020-02-18
3.7.7 - 2020-02-03
3.7.6 - 2020-01-21
3.7.5 - 2020-01-12
3.7.4 - 2020-01-07
3.7.3 - 2019-12-27
3.7.2 - 2019-12-08
3.7.1 - 2019-11-30
3.7.0 - 2019-11-25
3.6.9 - 2019-11-12
3.6.8 - 2019-11-06
3.6.7 - 2019-11-02
3.6.6 - 2019-11-01
3.6.5 - 2019-10-29
3.6.4 - 2019-10-23
3.6.3 - 2019-10-19
3.6.2 - 2019-10-15
3.6.1 - 2019-10-08
3.6.0 - 2019-05-30
3.5.15 - 2019-05-21
3.5.14 - 2019-05-20
3.5.13 - 2019-05-17
3.5.12 - 2019-05-12
3.5.11 - 2019-05-06
3.5.10 - 2019-05-01
3.5.9 - 2019-04-27
3.5.8 - 2019-04-25
3.5.7 - 2019-04-24
3.5.6 - 2019-04-21
3.5.5 - 2019-04-19
3.5.4 - 2019-04-10
3.5.3 - 2019-04-01
3.5.2 - 2019-03-23
3.5.1 - 2019-03-21
3.5.0 - 2019-03-20
3.4.10 - 2019-03-15
3.4.9 - 2018-08-31
3.4.8 - 2018-08-23
3.4.7 - 2018-08-09

from uglify-js GitHub release notes

Commit messages

Package name: uglify-js

9c01511 v3.13.2
9faee3b fix corner case in `arguments` (Build: Fix Travis build on Node.js 15 with npm 7 jquery/jquery#4810)
8ea1ced document various v8 bugs (Dimensions: Add offset prop fallback to FF for unreliable TR dimensions jquery/jquery#4808)
24619da fix corner cases in `collapse_vars` & `unused` (Dimensions: Modify reliableTrDimensions support test to account for FF jquery/jquery#4807)
b89cc84 fix corner case in `pure_getters` (Issues raised after code scan jquery/jquery#4804)
3016a78 fix corner case in `reduce_vars` (Build: Test on Node.js 15 jquery/jquery#4802)
2508481 fix corner case in `evaluate` (Build: Migrate CI to GitHub Actions jquery/jquery#4800)
48c46fa fix corner case in `sequences` (jQuery.when: unnecessary asynchronous behavior when called with only one argument jquery/jquery#4798)
7da49b5 fix corner case in `collapse_vars` (Create TEST jquery/jquery#4797)
d837a46 fix corner case in `reduce_vars` (Is "click" going to be deprecated? jquery/jquery#4796)
d4303b6 build Bootstrap for verification testing (jQuery.isNumberic jquery/jquery#4795)
7d595e2 improve comment formatting logic (@dmethvin I moved this question to [separate issue](https://github.com/jquery/jquery/issues/3008). jquery/jquery#4794)
9fc0ff5 parse extended Unicode literal correctly (Core: Drop support for Edge Legacy (i.e. non-Chromium Microsoft Edge) jquery/jquery#4792)
997d09b extend `keep_fnames` to classes (Build: Explicitly exclude the queue module from the slim build jquery/jquery#4793)
b244b4e enhance "functions" (jQuery DOMSubtreeModified gets a Violation message in Google Chrome jquery/jquery#4791)
b872ffe fix corner case in `hoist_funs` ([spam] jquery/jquery#4790)
9a95430 fix corner case in `functions` (Defining any property/function on Object.prototype will cause jQuery's addBack to throw error? jquery/jquery#4789)
b98ce6c avoid flaky cases in verification testing (util_change jquery/jquery#4785)
7b43b63 ensure valid generated cases in `--reduce-test` ([spam] jquery/jquery#4787)
67f8fcb build web-tooling-benchmark for verification testing ([spam] jquery/jquery#4776)
352a944 fix corner cases with `new.target` (jQuery.parseXML should add detailed information about parse errors jquery/jquery#4784)
77c9116 fix corner case in `unsafe` (:disabled selector and IE jquery/jquery#4783)
e821787 fix corner case in `reduce_vars` (isXMLDoc() - Uncaught TypeError: Cannot read property 'namespaceURI' of undefined jquery/jquery#4782)
aa6e33e parse out-of-range numerals correctly (Add Code Integration for jQuery jquery/jquery#4781)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.2. See this package in npm: https://www.npmjs.com/package/uglify-js See this project in Snyk: https://app.snyk.io/org/kadirselcuk/project/28ac5072-f66b-4183-bbda-99b4324cbf96?utm_source=github&utm_medium=upgrade-pr

mistaken-pull-closer · 2021-04-11T21:52:40Z

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

pull-dog · 2021-04-11T21:52:44Z

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

@pull-dog up to reprovision or provision the server.
@pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
3a2ad640-9b10-11eb-968a-14390542bd87

guardrails · 2021-04-11T21:53:26Z

⚠️ We detected 118 security issues in this pull request:
Mode: paranoid | Total findings: 118 | Considered vulnerability: 0

Hard-Coded Secrets (2)

jquery/test/unit/event.js

Line 1182 in 73cf8a6

$child.trigger( { "type": "foo", "secret": "boo!" } );

jquery/test/unit/selector.js

Line 2115 in 73cf8a6

assert.equal( jQuery.escapeSelector( "a0123456789b" ), "a0123456789b",

More info on how to fix Hard-Coded Secrets in General.

Insecure File Management (41)

jquery/Gruntfile.js

Line 9 in 73cf8a6

fs.readFileSync( filepath, { encoding: "utf8" } )

jquery/build/release.js

Line 25 in 73cf8a6

var contents = fs.readFileSync( filepath, "utf8" );

jquery/build/release.js

Line 27 in 73cf8a6

fs.writeFileSync( filepath, contents, "utf8" );

jquery/build/release/cdn.js

Line 46 in 73cf8a6

text = fs.readFileSync( builtFile, "utf8" )

jquery/build/release/cdn.js

Line 51 in 73cf8a6

fs.writeFileSync( releaseFile, text );

jquery/build/release/cdn.js

Line 74 in 73cf8a6

output = fs.createWriteStream(

jquery/build/release/cdn.js

Line 93 in 73cf8a6

fs.writeFileSync( md5file, sum );

jquery/build/release/cdn.js

Line 97 in 73cf8a6

archiver.append( fs.createReadStream( file ),

jquery/build/release/dist.js

Line 8 in 73cf8a6

const pkg = require( `${ Release.dir.repo }/package.json` );

jquery/build/release/dist.js

Line 73 in 73cf8a6

const readme = await fs.readFile(

jquery/build/release/dist.js

Line 106 in 73cf8a6

await fs.writeFile( `${ Release.dir.dist }/bower.json`, generateBower() );

jquery/build/release/dist.js

Line 108 in 73cf8a6

await fs.writeFile( `${ Release.dir.dist }/README.md`,

jquery/build/tasks/build.js

Line 102 in 73cf8a6

fs.readdirSync( `${ srcFolder }/${ prepend }${ module }` ),

jquery/build/tasks/build.js

Line 154 in 73cf8a6

fs.readdirSync( `${ srcFolder }/${ module }` ),

jquery/build/tasks/dist.js

Line 33 in 73cf8a6

text = fs.readFileSync( filename, "utf8" );

jquery/build/tasks/node_smoke_tests.js

Line 15 in 73cf8a6

fs.readdirSync( testsDir )

jquery/build/tasks/node_smoke_tests.js

Line 17 in 73cf8a6

fs.statSync( testsDir + testFilePath ).isFile() &&

jquery/build/tasks/qunit_fixture.js

Line 8 in 73cf8a6

fs.writeFileSync(

jquery/build/tasks/sourcemap.js

Line 13 in 73cf8a6

var text = fs.readFileSync( minLoc, "utf8" )

jquery/build/tasks/sourcemap.js

Line 15 in 73cf8a6

fs.writeFileSync( minLoc, text );

jquery/src/ajax/xhr.js

Line 24 in 73cf8a6

xhr.open(

jquery/test/data/jquery-1.9.1.js

Line 8753 in 73cf8a6

xhr.open( s.type, s.url, s.async, s.username, s.password );

jquery/test/data/jquery-1.9.1.js

Line 8755 in 73cf8a6

xhr.open( s.type, s.url, s.async );

jquery/test/data/testinit.js

Line 329 in 73cf8a6

require( [ parentUrl + "test/data/testrunner.js" ], function() {

jquery/test/data/testinit.js

Line 366 in 73cf8a6

require( [ parentUrl + "test/" + dep ], loadDep );

jquery/test/data/testinit.js

Line 389 in 73cf8a6

    
           require( [ "http://swarm.jquery.org/js/inject.js?" + ( new Date() ).getTime() ],

jquery/test/jquery.js

Line 89 in 73cf8a6

require( [ src ], loadTests );

jquery/test/jquery.js

Line 91 in 73cf8a6

require( [ src ] );

jquery/test/middleware-mockserver.js

Line 134 in 73cf8a6

var body = fs.readFileSync( __dirname + "/data/with_fries.xml" ).toString();

jquery/test/middleware-mockserver.js

Line 214 in 73cf8a6

var body = fs.readFileSync( __dirname + "/data/test.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 223 in 73cf8a6

var body = fs.readFileSync( __dirname + "/data/csp.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 232 in 73cf8a6

var body = fs.readFileSync(

jquery/test/middleware-mockserver.js

Line 241 in 73cf8a6

var body = fs.readFileSync(

[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.2 #16

[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.2 #16

Conversation

snyk-bot commented Apr 11, 2021

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.2.

Features

Bug Fixes

mistaken-pull-closer bot commented Apr 11, 2021

pull-dog bot commented Apr 11, 2021

guardrails bot commented Apr 11, 2021