[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.3 #29

snyk-bot · 2021-04-19T21:51:04Z

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 69 versions ahead of your current version.
The recommended version was released 22 days ago, on 2021-03-28.

Release notes

Package name: uglify-js

3.13.3 - 2021-03-28
Features
- support logical assignment operator (f9055df, e7be38b, 40ef074, daa8319)
- improve compress efficiency on block scope (d559960)
Bug Fixes
- default parameter (78e3936)
- function literal (39df3a1)
- static class field (03c5ecb)
3.13.2 - 2021-03-21
Features
- support exponentiation assignment operator (01aa078)
- flexible handling of __PURE__ through new annotations option (3b5d501)
- retain class names via keep_fnames (997d09b)
- better formatting of comments under beautify (7d595e2)
- import/export { foo as foo }; ➡️ import/export { foo }; (2411132)
- var f = async function*() { ... }; ➡️ async function* f() { ... } (b244b4e)
Bug Fixes
- arguments object (9faee3b)
- arrow function (e124ef5)
- async function (c36c3cb)
- BigInt literal (3016a78)
- comma operator (24619da)
- delete operator (48c46fa, 2508481)
- export statement (6f3ab09, b872ffe)
- generator function (73e6b25, 7da49b5)
- iteration statement (e821787)
- logical operator (b89cc84)
- new.target (352a944, 2508481)
- numeric literal (aa6e33e)
- spread syntax (2619bff, 149d75c, d837a46)
- super keyword (77c9116)
- template literal (176581d)
- Unicode escape sequence (9fc0ff5)
- var statement (9a95430)
3.13.1 - 2021-03-12
3.13.0 - 2021-03-01
3.12.8 - 2021-02-13
3.12.7 - 2021-02-06
3.12.6 - 2021-01-31
3.12.5 - 2021-01-19
3.12.4 - 2021-01-01
3.12.3 - 2020-12-22
3.12.2 - 2020-12-16
3.12.1 - 2020-11-30
3.12.0 - 2020-11-22
3.11.6 - 2020-11-14
3.11.5 - 2020-11-03
3.11.4 - 2020-10-26
3.11.3 - 2020-10-19
3.11.2 - 2020-10-11
3.11.1 - 2020-10-04
3.11.0 - 2020-09-27
3.10.4 - 2020-09-06
3.10.3 - 2020-08-30
3.10.2 - 2020-08-23
3.10.1 - 2020-08-02
3.10.0 - 2020-06-21
3.9.4 - 2020-05-27
3.9.3 - 2020-05-13
3.9.2 - 2020-05-03
3.9.1 - 2020-04-15
3.9.0 - 2020-04-13
3.8.1 - 2020-03-28
3.8.0 - 2020-02-18
3.7.7 - 2020-02-03
3.7.6 - 2020-01-21
3.7.5 - 2020-01-12
3.7.4 - 2020-01-07
3.7.3 - 2019-12-27
3.7.2 - 2019-12-08
3.7.1 - 2019-11-30
3.7.0 - 2019-11-25
3.6.9 - 2019-11-12
3.6.8 - 2019-11-06
3.6.7 - 2019-11-02
3.6.6 - 2019-11-01
3.6.5 - 2019-10-29
3.6.4 - 2019-10-23
3.6.3 - 2019-10-19
3.6.2 - 2019-10-15
3.6.1 - 2019-10-08
3.6.0 - 2019-05-30
3.5.15 - 2019-05-21
3.5.14 - 2019-05-20
3.5.13 - 2019-05-17
3.5.12 - 2019-05-12
3.5.11 - 2019-05-06
3.5.10 - 2019-05-01
3.5.9 - 2019-04-27
3.5.8 - 2019-04-25
3.5.7 - 2019-04-24
3.5.6 - 2019-04-21
3.5.5 - 2019-04-19
3.5.4 - 2019-04-10
3.5.3 - 2019-04-01
3.5.2 - 2019-03-23
3.5.1 - 2019-03-21
3.5.0 - 2019-03-20
3.4.10 - 2019-03-15
3.4.9 - 2018-08-31
3.4.8 - 2018-08-23
3.4.7 - 2018-08-09

from uglify-js GitHub release notes

Commit messages

Package name: uglify-js

6335b5f v3.13.3
daa8319 fix corner cases with logical assignment operators (Deferred: Rename master to primary jquery/jquery#4828)
d559960 enhance `collapse_vars` ([spam] jquery/jquery#4826)
072933f diagnose GitHub Actions (Ajax: Don't auto-execute scripts unless dataType provided jquery/jquery#4825)
39df3a1 fix corner case in `functions` (Tests: Fix tests for not auto-executing scripts without dataType jquery/jquery#4824)
03c5ecb fix corner cases with `class` (jQuery ajax automatically evaluates (runs) script file jquery/jquery#4822)
40ef074 fix corner case in `comparisons` (Unintentional replacement of '%20' with '+' in ajax. jquery/jquery#4820)
78e3936 fix corner case in `inline` (append script jquery/jquery#4818)
e7be38b fix corner cases with logical assignment operators (Core: Report browser errors in parseXML jquery/jquery#4816)
44394e6 workaround `toString()` quirks on global context (Core: Make jQuery.isXMLDoc accept falsy input jquery/jquery#4814)
f9055df support logical assignment operators (Event: Make focus re-triggering not focus the original element back jquery/jquery#4813)
51bdb72 improve global context enumeration under `sandbox` ($(document).ready() not firing in Firefox for Android 83 jquery/jquery#4812)
9c01511 v3.13.2
9faee3b fix corner case in `arguments` (Build: Fix Travis build on Node.js 15 with npm 7 jquery/jquery#4810)
8ea1ced document various v8 bugs (Dimensions: Add offset prop fallback to FF for unreliable TR dimensions jquery/jquery#4808)
24619da fix corner cases in `collapse_vars` & `unused` (Dimensions: Modify reliableTrDimensions support test to account for FF jquery/jquery#4807)
b89cc84 fix corner case in `pure_getters` (Issues raised after code scan jquery/jquery#4804)
3016a78 fix corner case in `reduce_vars` (Build: Test on Node.js 15 jquery/jquery#4802)
2508481 fix corner case in `evaluate` (Build: Migrate CI to GitHub Actions jquery/jquery#4800)
48c46fa fix corner case in `sequences` (jQuery.when: unnecessary asynchronous behavior when called with only one argument jquery/jquery#4798)
7da49b5 fix corner case in `collapse_vars` (Create TEST jquery/jquery#4797)
d837a46 fix corner case in `reduce_vars` (Is "click" going to be deprecated? jquery/jquery#4796)
d4303b6 build Bootstrap for verification testing (jQuery.isNumberic jquery/jquery#4795)
7d595e2 improve comment formatting logic (@dmethvin I moved this question to [separate issue](https://github.com/jquery/jquery/issues/3008). jquery/jquery#4794)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.3. See this package in npm: https://www.npmjs.com/package/uglify-js See this project in Snyk: https://app.snyk.io/org/kadirselcuk/project/28ac5072-f66b-4183-bbda-99b4324cbf96?utm_source=github&utm_medium=upgrade-pr

mistaken-pull-closer · 2021-04-19T21:51:10Z

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

pull-dog · 2021-04-19T21:51:13Z

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

@pull-dog up to reprovision or provision the server.
@pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
576bdca0-a159-11eb-80ad-c38c3b69f32f

guardrails · 2021-04-19T21:51:53Z

⚠️ We detected 118 security issues in this pull request:
Mode: paranoid | Total findings: 118 | Considered vulnerability: 0

Hard-Coded Secrets (2)

jquery/test/unit/event.js

Line 1182 in d08a39e

$child.trigger( { "type": "foo", "secret": "boo!" } );

jquery/test/unit/selector.js

Line 2115 in d08a39e

assert.equal( jQuery.escapeSelector( "a0123456789b" ), "a0123456789b",

More info on how to fix Hard-Coded Secrets in General.

Insecure File Management (41)

jquery/Gruntfile.js

Line 9 in d08a39e

fs.readFileSync( filepath, { encoding: "utf8" } )

jquery/build/release.js

Line 25 in d08a39e

var contents = fs.readFileSync( filepath, "utf8" );

jquery/build/release.js

Line 27 in d08a39e

fs.writeFileSync( filepath, contents, "utf8" );

jquery/build/release/cdn.js

Line 46 in d08a39e

text = fs.readFileSync( builtFile, "utf8" )

jquery/build/release/cdn.js

Line 51 in d08a39e

fs.writeFileSync( releaseFile, text );

jquery/build/release/cdn.js

Line 74 in d08a39e

output = fs.createWriteStream(

jquery/build/release/cdn.js

Line 93 in d08a39e

fs.writeFileSync( md5file, sum );

jquery/build/release/cdn.js

Line 97 in d08a39e

archiver.append( fs.createReadStream( file ),

jquery/build/release/dist.js

Line 8 in d08a39e

const pkg = require( `${ Release.dir.repo }/package.json` );

jquery/build/release/dist.js

Line 73 in d08a39e

const readme = await fs.readFile(

jquery/build/release/dist.js

Line 106 in d08a39e

await fs.writeFile( `${ Release.dir.dist }/bower.json`, generateBower() );

jquery/build/release/dist.js

Line 108 in d08a39e

await fs.writeFile( `${ Release.dir.dist }/README.md`,

jquery/build/tasks/build.js

Line 102 in d08a39e

fs.readdirSync( `${ srcFolder }/${ prepend }${ module }` ),

jquery/build/tasks/build.js

Line 154 in d08a39e

fs.readdirSync( `${ srcFolder }/${ module }` ),

jquery/build/tasks/dist.js

Line 33 in d08a39e

text = fs.readFileSync( filename, "utf8" );

jquery/build/tasks/node_smoke_tests.js

Line 15 in d08a39e

fs.readdirSync( testsDir )

jquery/build/tasks/node_smoke_tests.js

Line 17 in d08a39e

fs.statSync( testsDir + testFilePath ).isFile() &&

jquery/build/tasks/qunit_fixture.js

Line 8 in d08a39e

fs.writeFileSync(

jquery/build/tasks/sourcemap.js

Line 13 in d08a39e

var text = fs.readFileSync( minLoc, "utf8" )

jquery/build/tasks/sourcemap.js

Line 15 in d08a39e

fs.writeFileSync( minLoc, text );

jquery/src/ajax/xhr.js

Line 24 in d08a39e

xhr.open(

jquery/test/data/jquery-1.9.1.js

Line 8753 in d08a39e

xhr.open( s.type, s.url, s.async, s.username, s.password );

jquery/test/data/jquery-1.9.1.js

Line 8755 in d08a39e

xhr.open( s.type, s.url, s.async );

jquery/test/data/testinit.js

Line 329 in d08a39e

require( [ parentUrl + "test/data/testrunner.js" ], function() {

jquery/test/data/testinit.js

Line 366 in d08a39e

require( [ parentUrl + "test/" + dep ], loadDep );

jquery/test/data/testinit.js

Line 389 in d08a39e

 require( [ "http://swarm.jquery.org/js/inject.js?" + ( new Date() ).getTime() ], 

jquery/test/jquery.js

Line 89 in d08a39e

require( [ src ], loadTests );

jquery/test/jquery.js

Line 91 in d08a39e

require( [ src ] );

jquery/test/middleware-mockserver.js

Line 134 in d08a39e

var body = fs.readFileSync( __dirname + "/data/with_fries.xml" ).toString();

jquery/test/middleware-mockserver.js

Line 214 in d08a39e

var body = fs.readFileSync( __dirname + "/data/test.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 223 in d08a39e

var body = fs.readFileSync( __dirname + "/data/csp.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 232 in d08a39e

var body = fs.readFileSync(

jquery/test/middleware-mockserver.js

Line 241 in d08a39e

var body = fs.readFileSync(

[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.3 #29

[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.3 #29

Conversation

snyk-bot commented Apr 19, 2021

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.3.

Features

Bug Fixes

Features

Bug Fixes

mistaken-pull-closer bot commented Apr 19, 2021

pull-dog bot commented Apr 19, 2021

guardrails bot commented Apr 19, 2021