[Snyk] Security upgrade @taquito/taquito from 14.0.0 to 14.2.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
 | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Prototype Pollution SNYK-JS-AXIOS-6144788 | No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @taquito/taquito
The new version differs by 201 commits.
- 0192466 chore(releng) bump version to 14.2.0
- 22fd810 Reintroduce `*` to Taquito package dependencies (#2154)
- 719c313 chore(releng) bump version to 14.2.0-beta-RC.0
- d474f2a implement InMemorySigner.fromMnemonic method tz1/2/3 supported (#2116)
- 449e4bc Fix failing Algolia indexing pipeline
- fa1f824 Merge pull request #2135 from ecadlabs/dependabot/npm_and_yarn/packages/taquito/glob-parent-5.1.2
- 077899d build(deps): bump glob-parent from 3.1.0 to 5.1.2 in /packages/taquito
- 1e258db Merge pull request #2133 from ecadlabs/dependabot/npm_and_yarn/website/parse-url-8.1.0
- b746264 2087 ballot test (#2125)
- e6d566b build(deps): bump parse-url from 6.0.0 to 8.1.0 in /website
- 7965eb0 Merge pull request #2129 from ecadlabs/dependabot/npm_and_yarn/loader-utils-1.4.2
- 2e9ceba build(deps): bump loader-utils from 1.4.1 to 1.4.2
- 501b4b2 Configure NPM Workspaces (#2088)
- bc1ead4 Merge pull request #2124 from ecadlabs/dependabot/npm_and_yarn/packages/taquito/loader-utils-1.4.2
- f0c67aa Merge pull request #2121 from ecadlabs/dependabot/npm_and_yarn/website/loader-utils-1.4.2
- 294c2de Merge pull request #2119 from ecadlabs/dependabot/npm_and_yarn/website/minimatch-and-recursive-readdir-and-serve-handler-3.1.2
- df05ae8 build(deps): bump minimatch, recursive-readdir and serve-handler
- 0f25e4d build(deps): bump loader-utils from 1.4.1 to 1.4.2 in /website
- b36f788 build(deps): bump loader-utils from 1.4.1 to 1.4.2 in /packages/taquito
- 2a0228f Merge pull request #2111 from ecadlabs/dependabot/npm_and_yarn/loader-utils-1.4.1
- e83bd2e Prepare readme i18n (#2079)
- d9e3c7f build(deps): bump loader-utils from 1.4.0 to 1.4.1
- 6285cee Add proposals operation support (#2112)
- 2d08306 1630 ballot (#2107)
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.