[Snyk] Upgrade optionator from 0.8.3 to 0.9.3 #66

NOUIY · 2024-03-05T09:50:58Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade optionator from 0.8.3 to 0.9.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 4 versions ahead of your current version.
The recommended version was released 8 months ago, on 2023-06-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	292/1000 Why? Proof of Concept exploit, CVSS 3.7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: optionator

0.9.3 - 2023-06-28
version 0.9.3
0.9.2 - 2023-06-28
version 0.9.2
0.9.1 - 2020-04-04
version 0.9.1
0.9.0 - 2020-04-04
version 0.9.0
0.8.3 - 2019-11-06
version 0.8.3

from optionator GitHub release notes

Commit messages

Package name: optionator

04e7731 0.9.3
8cd0026 fix require of word-wrap
eb994d6 Merge pull request [pull] master from nvuillam:master #46 from cloudcome/patch-1
ed05288 fix: update word-wrap dependency to @ aashutoshrathi/word-wrap
dd770bc 0.9.2
06fd3a5 Update word-wrap dependency to address CVE
00ca190 Merge pull request [Snyk] Security upgrade alpine from 3.12 to 3.16 #43 from gkz/dependabot/npm_and_yarn/flat-and-mocha-5.0.2
885243f Bump flat and mocha
8f6ac4b Merge pull request [Snyk] Upgrade optionator from 0.8.3 to 0.9.1 #38 from gkz/dependabot/npm_and_yarn/glob-parent-5.1.2
e3daf6a Bump glob-parent from 5.1.1 to 5.1.2
b0f78d4 Merge pull request [Snyk] Upgrade java-caller from 2.4.0 to 2.7.0 #37 from gkz/dependabot/npm_and_yarn/lodash-4.17.21
0f846c9 Bump lodash from 4.17.19 to 4.17.21
b61720a Merge pull request [Snyk] Upgrade node-sarif-builder from 2.0.2 to 2.0.3 #36 from gkz/dependabot/npm_and_yarn/y18n-4.0.1
4ab1ea7 Bump y18n from 4.0.0 to 4.0.1
edf06f9 Merge pull request [Snyk] Upgrade java-caller from 2.4.0 to 2.5.0 #32 from gkz/dependabot/npm_and_yarn/lodash-4.17.19
da0ae64 Bump lodash from 4.17.15 to 4.17.19
1fd04d6 0.9.1
165f6c1 update package lock
b102661 update levn dep
b6fef87 0.9.0
7654f0c update range used in package.json
2bb29e5 update deps

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade optionator from 0.8.3 to 0.9.3. See this package in npm: https://www.npmjs.com/package/optionator See this project in Snyk: https://app.snyk.io/org/nexuscompute/project/f19ac175-c26b-43f9-a21f-9ded168131ce?utm_source=github&utm_medium=referral&page=upgrade-pr

guardrails · 2024-03-05T09:51:31Z

⚠️ We detected 6 security issues in this pull request:

Vulnerable Libraries (6)

Severity	Details
High	pkg:npm/@babel/core@7.18.9 (t) upgrade to: > 7.18.9
High	pkg:npm/amplitude@5.2.0 (t) upgrade to: > 5.2.0
Medium	pkg:npm/semver@7.3.7 (t) upgrade to: 7.5.2
Medium	pkg:npm/@babel/eslint-parser@7.18.9 (t) upgrade to: > 7.18.9
Medium	pkg:npm/axios@0.21.4 (t) upgrade to: 1.6.0
Critical	pkg:npm/ip@1.1.8 (t) - no patch available

More info on how to fix Vulnerable Libraries in JavaScript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

github-actions · 2024-03-05T10:05:57Z

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ DOCKERFILE	hadolint	1		0	0.05s
✅ GROOVY	npm-groovy-lint	1	0	0	11.3s
✅ JAVASCRIPT	eslint	98	0	0	4.51s
✅ JSON	eslint-plugin-jsonc	9	0	0	2.09s
✅ JSON	jsonlint	9		0	0.16s
✅ JSON	npm-package-json-lint	yes		no	0.44s
✅ JSON	prettier	9	0	0	1.54s
✅ JSON	v8r	9		0	59.61s
⚠️ MARKDOWN	markdownlint	6	2	10	1.22s
✅ MARKDOWN	markdown-link-check	6		0	1.29s
✅ MARKDOWN	markdown-table-formatter	6	2	0	0.68s
❌ REPOSITORY	checkov	yes		6	10.1s
✅ REPOSITORY	gitleaks	yes		no	6.15s
✅ REPOSITORY	git_diff	yes		no	0.06s
✅ REPOSITORY	secretlint	yes		no	1.07s
❌ SPELL	cspell	119		1	6.61s
✅ SPELL	misspell	118	0	0	0.23s
✅ YAML	prettier	3	0	0	0.67s
✅ YAML	v8r	3		0	117.92s
✅ YAML	yamllint	3		0	0.18s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by

github-actions · 2024-04-05T01:06:03Z

This pull request has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this pull request should stay open, please remove the O: stale 🤖 label or comment on the pull request.

github-actions bot added the O: stale 🤖 label Apr 5, 2024

github-actions bot closed this Apr 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade optionator from 0.8.3 to 0.9.3 #66

[Snyk] Upgrade optionator from 0.8.3 to 0.9.3 #66

NOUIY commented Mar 5, 2024

guardrails bot commented Mar 5, 2024

github-actions bot commented Mar 5, 2024 •

edited

Loading

github-actions bot commented Apr 5, 2024

[Snyk] Upgrade optionator from 0.8.3 to 0.9.3 #66

[Snyk] Upgrade optionator from 0.8.3 to 0.9.3 #66

Conversation

NOUIY commented Mar 5, 2024

Snyk has created this PR to upgrade optionator from 0.8.3 to 0.9.3.

guardrails bot commented Mar 5, 2024

github-actions bot commented Mar 5, 2024 • edited Loading

🦙 MegaLinter status: ❌ ERROR

github-actions bot commented Apr 5, 2024

github-actions bot commented Mar 5, 2024 •

edited

Loading