Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade snyk-nodejs-lockfile-parser from 1.38.0 to 1.41.0 #3796

Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade snyk-nodejs-lockfile-parser from 1.38.0 to 1.41.0 #3796

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade snyk-nodejs-lockfile-parser from 1.38.0 to 1.41.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2022-06-08.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-MINIMIST-2429795		 292/1000
Why? Proof of Concept exploit, CVSS 3.7		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: snyk-nodejs-lockfile-parser from snyk-nodejs-lockfile-parser GitHub release notes
Commit messages
Package name: snyk-nodejs-lockfile-parser
  • 8f588ad Merge pull request #147 from snyk/feat/dep-graph-2
  • a203181 feat: new @ snyk/dep-graph (no more node 8)
  • 10b17e3 Merge pull request #146 from snyk/feat/revert-to-old-package-name-parsing-method
  • 1ee56f4 feat: remove npa package name parser and revert to old method
  • 0737f0b Merge pull request #144 from snyk/feat/release-1.38.2
  • d7d1e12 feat: release 1.38.2
  • 6b266cb Merge pull request #142 from snyk/chore/use-unknown-as-version
  • 4833bad chore: use 'unknown' to be consistent with other ecosystems
  • 6aed3d1 Merge pull request #141 from snyk/fix/display-unknown-version-when-missing-lock-file-entry-and-version-in-path
  • 47cf682 fix: display unknown-version instead of truncating package name when missing version in path and lock file entry

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@snyk-bot snyk-bot requested a review from a team as a code owner August 31, 2022 18:40
@JackuB JackuB closed this Sep 14, 2022
@snyk-bot snyk-bot mentioned this pull request Sep 24, 2022
Open
@chdorner-snyk chdorner-snyk mentioned this pull request Sep 30, 2022
Closed
@allRounderWiser allRounderWiser mentioned this pull request Oct 6, 2022
Open
@darscan darscan deleted the snyk-upgrade-3455a1b7cd7010ed49520025a5fede15 branch January 20, 2023 18:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @JackuB