[Snyk] Upgrade cross-env from 6.0.3 to 7.0.3

[claireksnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade cross-env from 6.0.3 to 7.0.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 4 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2020-12-01.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-GETOBJECT-1054932	375/1000 Why? CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	375/1000 Why? CVSS 7.5	Proof of Concept
	Uncaught Exception SNYK-JS-ENGINEIO-2336356	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	375/1000 Why? CVSS 7.5	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	375/1000 Why? CVSS 7.5	Proof of Concept
	Directory Traversal SNYK-JS-GRUNT-2635969	375/1000 Why? CVSS 7.5	Proof of Concept
	Race Condition SNYK-JS-GRUNT-2813632	375/1000 Why? CVSS 7.5	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-KARMA-2395349	375/1000 Why? CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-KARMA-2396325	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-LOG4JS-2348757	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	375/1000 Why? CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	375/1000 Why? CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: cross-env

• 7.0.3 - 2020-12-01
  

  7.0.3 (2020-12-01)

  Bug Fixes

  • add maintenance mode notice (fe80c84)
• 7.0.2 - 2020-03-05
  

  7.0.2 (2020-03-05)

  Reverts

  • Revert "fix: signal handling (#227)" (2a1f44c), closes #227
• 7.0.1 - 2020-03-03
  

  7.0.1 (2020-03-03)

  Bug Fixes

  • signal handling (#227) (8a9cf0e)
• 7.0.0 - 2020-01-25
  

  7.0.0 (2020-01-25)

  Features

  • update dependencies (#223) (4ec6f40)

  BREAKING CHANGES

  • Drop Node 8 support
• 6.0.3 - 2019-10-02
  

  6.0.3 (2019-10-02)

  Bug Fixes

  • do not compile anything (67f21c3)

from cross-env GitHub release notes

Commit messages

Package name: cross-env

• bb0287b docs: add dsbert as a contributor (A grammatical change  moment/moment#260)
• 6f571e1 docs: Update README.md (Consider adding support for all formatting tokens as parsing tokens  moment/moment#259)
• fe80c84 fix: add maintenance mode notice
• 07a91d6 chore: Update validate.yml (moment().diff returns negative value moment/moment#255)
• b2a610b chore(validate): Filter out all-contributors branches (Add support for S SS SSS parsing tokens (milliseconds) moment/moment#254)
• 54eec15 chore: only run push jobs on releasable branches (play nicely within an Ender build moment/moment#253)
• 8edd827 chore: Switch to GitHub Actions (Document method for determining whether a moment() is valid moment/moment#251)
• ed844af docs: add devuxer as a contributor (Add docs on moment.unix and moment.fn.unix moment/moment#241)
• bddb4d5 docs: add multi vars example to README (Add unit tests for Korean month parsing moment/moment#240)
• 9a5a9bd chore: Only release on original repo (Documentation typo moment/moment#237)
• 1394cc8 chore: Test on Node 14 (Use a duration object moment/moment#236)
• dfefcab chore: update dependencies + use kcd-scripts' husky (Moment.js overflows in parsing moment/moment#235)
• 2a1f44c Revert "fix: signal handling (Deprecate format tokens 'z zz' moment/moment#227)"
• 8a9cf0e fix: signal handling (Deprecate format tokens 'z zz' moment/moment#227)
• 0838ef9 docs: remove codefund
• be7ed67 chore: update dependencies (Added Japanese ext and Changed some format in Chinese moment/moment#229)
• b5f9647 docs: add lauriii as a contributor (The Finnish translation moment/moment#226)
• 9cce066 docs: update warning about Node versions (The Finnish translation moment/moment#225)
• fdde9bb docs: add MichaelDeBoey as a contributor (Fixed one o'clock bug for Galician with calendar. moment/moment#224)
• 4ec6f40 feat: update dependencies (Failing Unit Tests. moment/moment#223)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs