Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 7 vulnerabilities #90

Open
wants to merge 1 commit into
base: next
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-DOTPROP-543489
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MINIMIST-559764
Yes Proof of Concept
medium severity 520/1000
Why? Has a fix available, CVSS 5.9
Denial of Service
SNYK-JS-NODEFETCH-674311
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042
Yes No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
Yes Proof of Concept
medium severity 469/1000
Why? Has a fix available, CVSS 5.1
Denial of Service (DoS)
npm:mem:20180117
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lerna The new version differs by 250 commits.
  • 0c40a17 chore(release): publish v3.0.0
  • aa29ff5 chore(release): No more release candidates
  • 4dd10cf test(integration): Improve test root normalization pattern
  • cbac458 test(helpers): Show empty log message's prefix
  • 627cfc2 fix(publish): Improve `npm pack` experience
  • 9c767ac feat: Add @ lerna/log-packed module, extracted from npm
  • 012afcc test(publish): Avoid npm login-required validation in CI
  • 8d80b2c feat(publish): Run `npm pack` before `npm publish`
  • 088ea54 feat(npm-publish): Add npmPack export
  • be453cd feat(package): Add tarball property
  • ebc8ba6 feat(publish): Validate npm registry and package access prerequisites
  • 0097360 refactor(publish): Pass npmConfig to dist-tag methods
  • 37e3ec7 refactor(publish): Move license setup into class method
  • 410b8d5 test(npm-publish): Use actual Package instance in tests
  • 566ab0e refactor(get-npm-exec-opts): Always return env, even if empty
  • 3a5c079 chore(serialize-tempdir): Remove desperate logging
  • 3cc6ccf chore(windows): Massive simplification of tempdir serializer
  • 92e48c1 test: Move windows path serializer 'before' tempdir serializer
  • 9c030c6 chore(pkg-matchers): Normalize backslashes of version comparison
  • 00436cd Revert "fix(add): Always use POSIX paths when computing relative file: specifiers"
  • aae9adb chore(windows): Add ludicrous logging to serialize-tempdir
  • ffe354f fix(add): Always use POSIX paths when computing relative file: specifiers
  • 16d93b6 test(listable): Turn off chalk so stuff doesn't fail in CI
  • 1d6fbc0 chore(windows): join the wack to the whack path

See the full diff

Package name: lerna-changelog The new version differs by 35 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant