Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 2 vulnerabilities #95

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVERREGEX-1585624
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: semantic-release The new version differs by 194 commits.
  • 52238cb fix(deps): Require find-versions ^4.0.0 (#1722)
  • af596a9 docs: semantic-release SVG logo (#1715) thanks @ bromso
  • 6c7e4be docs: add semantic-release-helm plugin (#1713)
  • c177d4b docs: add semantic-release-pypi plugin (#1707)
  • eb70823 docs: add semantic-release-license-plugin (#1701)
  • 885d87a feat(docs): note that publish token is required (#1700)
  • f8f8fbc fix: escape uri encoded symbols (#1697)
  • c8d38b6 style: removed line breaks to align with xo rule (#1689)
  • ca90b34 fix: mask secrets when characters get uri encoded
  • 63fa143 docs(plugins): add listing for new plugin (#1686)
  • 2bf3771 fix: use valid git credentials when multiple are provided (#1669)
  • 77a75f0 fix: don't parse port as part of the path in repository URLs (#1671)
  • d74ffef docs: add npm-deprecate-old-versions in plugins list (#1667)
  • 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"
  • b8fb35c feat: throw an Error if package.json has duplicate "repository" key (#1656)
  • 18e35b2 docs: reorder default plugins list (#1650)
  • e35e5bb docs(contributing): fix commit message examples (#1648)
  • 311c465 docs(README): welcome @ travi, add alumni section
  • b4c5d0a fix: add logging for when ssh falls back to http (#1639)
  • c982249 docs(contributing): typo fix (#1638)
  • 9635f50 docs: improve github actions recipe on git plugin (#1626)
  • d036a89 ci(docs): use actions/checkout@v2 (#1620)
  • 9303d1d docs(resources.md): added more sematnic release article (#1610)
  • b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)

See the full diff

Package name: ts-jest The new version differs by 250 commits.
  • 6916e7b Merge pull request #650 from kulshekhar/kulshekhar-patch-1
  • 54a30eb Bump the version (minor)
  • 9e61969 Merge pull request #626 from huafu/feature/upgrade-babel-and-fix-tsconfig
  • ef21f50 Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
  • c67ba4d Merge pull request #649 from kulshekhar/greenkeeper/monorepo.react-16.4.2
  • 9a6904f Merge branch 'master' of https://github.com/kulshekhar/ts-jest into feature/upgrade-babel-and-fix-tsconfig
  • 8a94008 chore(package): update react-test-renderer to version 16.4.2
  • 6e73fb9 chore(package): update react to version 16.4.2
  • c947791 chore(package): update @ types/node to version 10.5.5 (#646)
  • fd24ae6 Merge pull request #640 from jmheik/to-dev-deps
  • e2028da Merge branch 'master' into to-dev-deps
  • 4396dde Merge pull request #641 from jeznag/patch-1
  • 7d78123 Merge branch 'master' into patch-1
  • b38e4ca Add TypeScript ^3.0.0 as supported peer dependencies (#644)
  • 1e287f3 Add more details on using module name mapper
  • df71945 doc: adds troubleshooting wiki page links
  • 0b2e406 Move dev only deps to devDependencies.
  • fb5cd12 chore: simplify jest config test helper + moves test utils
  • ddc8c32 chore: moves test-utils.ts in __helpers__ dir
  • a5370cf Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
  • db590d2 Update @ types/react to the latest version 🚀 (#631)
  • 4fc3933 chore: changes after GeeWee review
  • fbe4f1f perf: do not hash cache key, jest does it underneath
  • 5ab100c fix: resolves correctly config file path (fix #636)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 213226e 4.0.0
  • fde0183 Merge pull request #6081 from webpack/formating/prettier
  • b6396e7 update stats
  • f32bd41 fix linting
  • 5238159 run prettier on existing code
  • 518d1e0 replace js-beautify with prettier
  • 4c25bfb 4.0.0-beta.3
  • dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
  • 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
  • c7eb895 Merge pull request #6452 from webpack/update_acorn
  • 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
  • e52f323 optimize performance of assignDepth
  • 6bf5df5 Fixed template.md
  • 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
  • b0949cb add integration test for spread operator
  • 39438c7 unittest now also walks the ast
  • 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
  • 1611ce1 Merge pull request #6561 from joshunger/patch-1
  • 6e175bc Merge pull request #6549 from webpack/md4_hash
  • 0637531 Add a hyperlink to create a new issue
  • 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
  • 72477f4 upgrade versions to stable versions
  • ed30285 Merge pull request #6546 from webpack/bot/review-permission
  • 40ee8c7 Use MD4 for hashing

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant