Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade play-sound from 0.0.7 to 1.1.6 #16

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade play-sound from 0.0.7 to 1.1.6 #16

wants to merge 1 commit into from

Conversation

bitjson
Copy link
Owner

@bitjson bitjson commented Aug 31, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 691/1000
Why? Recently disclosed, Has a fix available, CVSS 8.1		 Command Injection
SNYK-JS-FINDEXEC-5876637		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: play-sound The new version differs by 55 commits.
  • 25989f8 1.1.6
  • 38a6381 Update lock files
  • 4d9705a Update find-exec version
  • 7b1c804 1.1.5
  • e6ea575 Update find-exec to 1.0.2
  • 22e1aea 1.1.4
  • c4b6494 Update readme
  • 7741e16 Update mocha
  • 8e45a33 Merge pull request #46 from shime/dependabot/npm_and_yarn/path-parse-1.0.7
  • 2ccc128 Bump path-parse from 1.0.6 to 1.0.7
  • 63d7762 Merge pull request #40 from jirick1987/vlc-commandline
  • b0f9184 Merge branch 'master' into vlc-commandline
  • ba16cc4 Merge pull request #33 from mykeels/master
  • d0f1469 Fix typo in Github action
  • 6cd1eb0 Change test command for windows
  • 4765c5f Add yarn.lock
  • e6be529 Replace Travis with Github Actions
  • 892a5a2 added vlc commandline player
  • 69bb59b feat: allow playing on windows with powershell
  • 0534507 1.1.3
  • b45b691 Merge pull request #29 from unional/patch-1
  • d45db38 test: update devDeps and fix tests
  • 5e56042 Update .travis.yml
  • c0249f6 Add package-lock.json

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
e2c1f27 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-FINDEXEC-5876637
@bitjson bitjson mentioned this pull request Nov 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bitjson @snyk-bot