Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #23

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: hosted-git-info The new version differs by 95 commits.
  • a810463 chore(release): 3.0.8
  • bede0dc fix: simplify the regular expression for shortcut matching
  • afe2808 chore(release): 3.0.7
  • eb5bd5a fix: correctly filter out urls for tarballs in gitlab
  • d30f96e chore(release): 3.0.6
  • c067102 fix: support to github gist legacy hash length
  • c53c6ab chore(release): 3.0.5
  • 167cef2 chore: properly advertise version support
  • 47c931e update lru-cache to latest
  • 8e0b0ec chore(release): 3.0.4
  • 0835306 fix: Do not pass scp-style URLs to the WhatWG url.URL
  • 6f39e93 chore(release): 3.0.3
  • 31140a7 Ensure passwords in hosted Git URLs are correctly escaped
  • 4636ac9 chore(release): 3.0.2
  • 3e5fbec fix: do not encodeURIComponent the domain
  • 97c8caa chore(release): 3.0.1
  • e3e3054 fix: update pathmatch for gitlab
  • af4835c test: added script to get coverage report
  • d04239b test: removed unused testing structure
  • 4693b9c test: moved all github url tests together
  • a03d51e test: added refactered tests for bitbucket
  • 0aea712 test: added ignore; for 100% testing (this seems wonky)
  • b473c55 test: added basic test for ._fill() method
  • fa87af7 fix: updated pathmatch for gitlab

See the full diff

Package name: init-package-json The new version differs by 39 commits.

See the full diff

Package name: normalize-package-data The new version differs by 23 commits.

See the full diff

Package name: npm-package-arg The new version differs by 57 commits.

See the full diff

Package name: read-package-json The new version differs by 17 commits.
  • 9f7049d chore(release): 3.0.0
  • 19d9fbe fix: check-in updated lockfile
  • eef46fa chore: add engines definition
  • 36b7ef7 chore: remove old .travis.yml envs
  • b3a8831 globa@7.1.6
  • fb3ceae json-parse-even-better-errors@2.3.1
  • 78add03 npm-normalize-package-bin@1.0.1
  • 7595d70 normalize-package-data@3.0.0
  • 10175d8 chore(release): 2.1.2
  • fdbf082 fix: even better json errors, remove graceful-fs
  • e78afd6 chore(release): 2.1.1
  • b8cb5fa fix: normalize and sanitize pkg bin entries
  • 55382c2 chore(release): 2.1.0
  • 0a176cc Add some tests and clean up error handling for non-string bins
  • 76f6f42 feat: support bundleDependencies: true
  • 4e1e4d2 some tests for index.js parsing
  • 67f2d8d chore: update CI for current Node LTS

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant