[Snyk] Fix for 2 vulnerabilities #35

snyk-bot · 2020-10-24T22:58:34Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: broccoli-babel-transpiler

The new version differs by 35 commits.

1c7590e 6.0.0
4b7ec8b 6.0.0-alpha.4
ed83ecb Merge pull request Fix indentation for index.html ember-cli/ember-cli#110 from rwjblue/default-to-persisting
ff13220 Update `engines` to show node@4 and higher requirement.
7e1f07a Fix test failure from upstream change in convert-source-map.
ab4eac8 Default to persistent caching.
647aa9c 6.0.0-alpha.3
b8f6370 Merge pull request Include ember-cli in blueprint package.json ember-cli/ember-cli#107 from babel/prevent-error-with-annotation
6c3640e Ensure common local plugin options do not error.
9355e7a Merge pull request rename to blueprint, move use srict into hashbang, dasherize files ember-cli/ember-cli#104 from jdalton/travis-
8311784 TravisCI: Update tested Node versions.
91cd843 Merge pull request fix: ember new|init test ember-cli/ember-cli#102 from babel/greenkeeper-clone-2.0.0
7698bd1 chore(package): update clone to version 2.0.0
25a9364 6.0.0-alpha.2
251d190 Merge pull request Remove /styles directory from skeleton. Make Broccoli preprocess app/styles. ember-cli/ember-cli#101 from babel/remove-module-metadata-feature
c1b85a8 Remove untested `exportModuleMetadata` option.
de9cd20 Merge pull request ember init fails because of a conflict with dependencies ember-cli/ember-cli#99 from babel/greenkeeper-babel-core-6.14.0
332ac0e Fix expectations
619f5c1 chore(package): update babel-core to version 6.14.0
1992353 Merge pull request Rename skeleton to blueprint ember-cli/ember-cli#95 from babel/white-list-helpers
483e5a0 Introduce helper whitelist
cd9aec9 Merge pull request skeleton.js needs big refactor + testing (its still from the original spike) ember-cli/ember-cli#89 from babel/rwjblue-patch-1
3f493c6 Allow plugins to bust the cache.
adde9b9 Merge pull request Error on ember new 'app-name' ember-cli/ember-cli#93 from babel/greenkeeper-mocha-3.0.2

See the full diff

Package name: broccoli-funnel

The new version differs by 21 commits.

483a372 release v1.0.2
d5e182d Merge pull request ember new ember-cli/ember-cli#66 from knownasilya/patch-1
d6020d7 Update minimatch to avoid vulnerability
b0678a2 release v1.0.1
d987527 Merge pull request GET http://localhost:4200/assets/app.css 404 (Not Found) ember-cli/ember-cli#58 from broccolijs/fix-annotations
2f2ecac improve DEBUG output by not displaying entire patch here.
a1bb428 [FIXES add opt-in-only annonymous analytics ember-cli/ember-cli#57] fix annotations
01b2df0 Merge pull request Added Travis. ember-cli/ember-cli#54 from twokul/version-1.0.0
39e1a0c Release 1.0.0
6dc6bfa release v0.2.15
1c0260c Merge pull request Gracefully handling bower feedback ember-cli/ember-cli#56 from broccolijs/bump-walk-sync
ab90c62 bump walk-sync
9e92607 release 0.2.14
3dc72c1 Merge pull request Init command creates application directory ember-cli/ember-cli#55 from krisselden/fix-regression
dccb2b3 Fix regression described in issue Handle bower/git install errors ember-cli/ember-cli#51
6823378 release 0.2.13
933737e use blank-object
0316bf1 release v0.2.12 (re-sync npm + git versions)
cbeb2ef release v0.2.11
45da9ad Merge pull request alias 'em' to 'ember' ember-cli/ember-cli#52 from broccolijs/loosen-dep
9f4fbe1 make looser dep

See the full diff

Package name: findup-sync

The new version differs by 1 commits.

24356dc v0.3.0

See the full diff

Package name: glob

The new version differs by 11 commits.

3a7e71d v5.0.15
841fda0 use latest minimatch
4ba54a8 Skip some tests on Windows, make others pass
3936e1e Build: Add build for node v4
c47d451 v5.0.14
821fac8 Handle ENOTSUP for sync glob as well as async
9625618 Test for when readdir raises ENOTSUP
0a2b519 Generate fixtures more effectively, with -O instead of eval
f96190b Use js for benchmark cleanup
957fd93 Fix some 'use strict' errors
bf3381e Treat ENOTSUP like ENOTDIR in readdir

See the full diff

Package name: minimatch

The new version differs by 10 commits.

81edb7c v3.0.2
6944abf Handle extremely long and terrible patterns more gracefully
8ac560e v3.0.1
4f3a8bc update tap
9cf2d88 Remove mentions of cache from readme
7df236f Use svg instead of png to get better image quality
361f803 Fixes spelling mistake from "instanting" to "instantiating"
ea0c690 update travis
270dbea v3.0.0
668a1f4 Don't package browser version

See the full diff

Package name: npm

The new version differs by 250 commits.

19397ad 5.0.1
45b13d9 update AUTHORS
25ebbb1 doc: update changelog for npm@5.0.1
7e5ce87 pacote@2.7.26
f3cb84b docs: update cli usage for test command (#16771)
acbe85b view: wait until write completes to call cb (#16791)
dc2823a docs: package-lock.json is never allowed in tarballs (#16799)
80ab521 deps: pull in dependency updates with bugfixes
e61e68d publish: adapt config for publish RegClient (#16762)
9aac984 finalize: Guard against being unable to compute _requested source
3cb8432 standard: minor linter fix
9f81483 error-handler: remove unused argument (#16757)
c3e0b42 docs: preserve same name convention for command (#16296)
6612623 ls: remove unused argument (#16756)
923fd58 utils: Remove slow assertion from module-name util (#16749)
ebafe48 hamilton: Talk less, complete more (#16750)
39495d0 5.0.0
0d91907 doc: update changelog for npm@5.0.0
8a173da docs: END OF AN ERA OF CHANGELOGS 😭
794c10e pkglock: remove packageIntegrity field of doom
674004c lifecycle: added prepack and postpack (#16725)
db76632 cacache@9.2.5
0d35975 preinstall: Runs in the final dest, not the staging folder
a976fa1 pacote: more alwaysAuth logic

See the full diff

Package name: testem

The new version differs by 250 commits.

379a0ea 1.9.0
fccb6a5 Merge pull request link to example apps ember-cli/ember-cli#898 from johanneswuerbach/glob-7
1b56c81 Replace fileset with plain glob 7
bd03b4a Merge pull request ember test works in Linux, but doesn't on Windows ember-cli/ember-cli#896 from testem/greenkeeper-bluebird-retry-0.7.0
2762202 chore(package): update bluebird-retry to version 0.7.0
729ff79 Merge pull request Trying to include a vendor js file just for tests ember-cli/ember-cli#889 from testem/greenkeeper-npmlog-3.0.0
371cd22 Merge pull request Disable wrapInEval by default. ember-cli/ember-cli#866 from tjni/metadata
476ea31 Lets custom adapters configure max decycle depth.
328a53c Passing metadata from an adapter to a reporter.
16c8f76 chore(package): update npmlog to version 3.0.0
1a9914f Merge pull request [WIP] Fix live-reload. ember-cli/ember-cli#888 from johanneswuerbach/bluebird
7fa0dfd Extract signal listeners
b97b9c2 Extract reporter creation
700732a Extract run timeout
bbca2bb Use promises (bluebird) consistently
6e4ccbb 1.8.1
c2c98c7 Merge pull request Using emberella with Brocfile.js in new ember-cli app ember-cli/ember-cli#887 from johanneswuerbach/unknown-error
c996d89 Handle different which exit codes
b71e0ca 1.8.0
6418e12 Merge pull request Ember computed aliases not working ember-cli/ember-cli#884 from johanneswuerbach/use-sinon
13595ca Unify spying and stubbing to sinon
4f142a5 Merge pull request Initializers throwing error: Uncaught ReferenceError: module is not defined ember-cli/ember-cli#782 from johanneswuerbach/parallel-integration-tests
02ac45e Use a shared cache for npm
a4bfa4e Run integration tests in parallel

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352

fix: package.json to reduce vulnerabilities

09ef174

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 2 vulnerabilities #35

[Snyk] Fix for 2 vulnerabilities #35

snyk-bot commented Oct 24, 2020

[Snyk] Fix for 2 vulnerabilities #35

Are you sure you want to change the base?

[Snyk] Fix for 2 vulnerabilities #35

Conversation

snyk-bot commented Oct 24, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: