[Snyk] Fix for 1 vulnerabilities #130

Open · wants to merge 1 commit into base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • client/cli/package.json
    • client/cli/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bili
The new version differs by 24 commits.
  • 023f2c5 feat: Upgrade Rollup and Plugins (#357)
  • a21420c fix(docs): configuration link (#355)
  • 6a58956 feat: babel support new syntax and fine tuning compile (#342)
  • 51cc78b docs: add hint for bug of rollup-plugin-vue (#343)
  • 8d69656 chore: semantic-release support more types (#338)
  • 3621d65 fix: rollup-plugin-typescript2 objectHashIgnoreUnknownHack warning (fix #305) (#339)
  • 9388b17 chore(deps-dev): bump p-waterfall from 1.0.0 to 2.1.0 (#341)
  • 0e83028 chore(deps-dev): bump @types/babel__traverse from 7.0.10 to 7.0.11 (#340)
  • 633e01a fix: drop env.NODE_ENV from umd/iife (fix #274) (#337)
  • f15d134 chore(deps): replace `rollup-plugin-replace` with `@rollup/plugin-replace` (#336)
  • 8bbe976 chore(build): skip lib check
  • a385899 chore(deps): bump @babel/preset-typescript from 7.3.3 to 7.9.0 (#330)
  • 1f2bc5b chore(deps): bump @babel/preset-env from 7.4.5 to 7.9.5 (#329)
  • c7e2be4 chore(deps-dev): bump gzip-size from 5.0.0 to 5.1.1 (#331)
  • 84f23ed chore(deps-dev): bump @types/babel__core from 7.0.4 to 7.1.7 (#319)
  • 632cfa7 chore(deps): bump @babel/core from 7.2.2 to 7.9.0 (#317)
  • a5a891c chore(deps-dev): bump typescript from 3.2.4 to 3.8.3 (#311)
  • 4140ca3 chore(deps-dev): bump cac from 6.4.2 to 6.5.8 (#316)
  • 5629bad chore(deps): [security] bump mixin-deep from 1.3.1 to 1.3.2 (#235)
  • 3b343f8 chore(deps): [security] bump https-proxy-agent from 2.2.1 to 2.2.4 (#265)
  • ccca20d chore(deps): [security] bump acorn from 5.7.3 to 5.7.4 (#315)
  • 4eae8bb fix(deps): [security] bump handlebars from 4.1.2 to 4.7.6 (#323)
  • a4160c5 chore(deps): [security] bump handlebars from 4.0.2 to 5.3.0 (fix #303) (#327)
  • eba6f06 feat: support scoped rollup plugin (fix #275) (#320)

See the full diff

Package name: plop
The new version differs by 20 commits.
  • 2de27bf Merge pull request #169 from cspotcode/ts-declarations
  • 0224055 version update
  • 480847c Merge branch 'master' of https://github.com/shubhamzanwar/plop into shubhamzanwar-master
  • 6ec9e32 Merge branch 'ArchiCroc-bug/165'
  • a4a99d6 updates handlebars
  • 712b58f Merge branch 'master' of github.com:amwmedia/plop into bug/165
  • b433b8f detect when prompts is a function and ignore the bypass
  • 9fed9c5 fix: removing a console log
  • 9967032 bin: moving bin code to a separate file
  • 1e1759d src: exporting plop and run function
  • 2385f5a update dependencies
  • 0273167 Merge pull request #171 from amwmedia/defect/167
  • f2b73ad fixes #167 --init was causing plop to crash
  • c555f15 Merge branch 'cspotcode-dest-flag'
  • 4e485e6 adds warning about some cli switches, updates example
  • 51b7edd move declarations to src to sit alongside js and simplify package.json
  • a4b79c1 Update typescript docs
  • 6a50d17 Merge remote-tracking branch 'crutchcorn/ts-typings' into ts-declarations
  • eda8901 Adds --dest flag that sets the node-plop destBasePath, allowing you to output to a different directory than the plopfile
  • 79074c6 Export Typescript typings and add minor docs

See the full diff

Package name: update-notifier
The new version differs by 23 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908