Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 3 vulnerabilities #164

Open
wants to merge 1 commit into
base: next
Choose a base branch
from

Conversation

ayishagisel
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2
Command Injection
SNYK-JS-LODASHTEMPLATE-1088054
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint The new version differs by 250 commits.

See the full diff

Package name: lerna The new version differs by 250 commits.
  • 0c40a17 chore(release): publish v3.0.0
  • aa29ff5 chore(release): No more release candidates
  • 4dd10cf test(integration): Improve test root normalization pattern
  • cbac458 test(helpers): Show empty log message's prefix
  • 627cfc2 fix(publish): Improve `npm pack` experience
  • 9c767ac feat: Add @ lerna/log-packed module, extracted from npm
  • 012afcc test(publish): Avoid npm login-required validation in CI
  • 8d80b2c feat(publish): Run `npm pack` before `npm publish`
  • 088ea54 feat(npm-publish): Add npmPack export
  • be453cd feat(package): Add tarball property
  • ebc8ba6 feat(publish): Validate npm registry and package access prerequisites
  • 0097360 refactor(publish): Pass npmConfig to dist-tag methods
  • 37e3ec7 refactor(publish): Move license setup into class method
  • 410b8d5 test(npm-publish): Use actual Package instance in tests
  • 566ab0e refactor(get-npm-exec-opts): Always return env, even if empty
  • 3a5c079 chore(serialize-tempdir): Remove desperate logging
  • 3cc6ccf chore(windows): Massive simplification of tempdir serializer
  • 92e48c1 test: Move windows path serializer 'before' tempdir serializer
  • 9c030c6 chore(pkg-matchers): Normalize backslashes of version comparison
  • 00436cd Revert "fix(add): Always use POSIX paths when computing relative file: specifiers"
  • aae9adb chore(windows): Add ludicrous logging to serialize-tempdir
  • ffe354f fix(add): Always use POSIX paths when computing relative file: specifiers
  • 16d93b6 test(listable): Turn off chalk so stuff doesn't fail in CI
  • 1d6fbc0 chore(windows): join the wack to the whack path

See the full diff

Package name: lerna-changelog The new version differs by 99 commits.

See the full diff

Package name: lint-staged The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants