Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 6 vulnerabilities #1

Merged
merged 1 commit into from
Feb 26, 2023
Merged

[Snyk] Fix for 6 vulnerabilities #1

merged 1 commit into from
Feb 26, 2023

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-MERGE-1040469		 Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-MERGE-1042987		 Yes Proof of Concept
high severity 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 Improper Privilege Management
SNYK-JS-SHELLJS-2332187		 No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:braces:20180219		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: chalk The new version differs by 53 commits.

See the full diff

Package name: find-node-modules The new version differs by 13 commits.

See the full diff

Package name: shelljs The new version differs by 222 commits.
  • 70668a4 0.8.5
  • d919d22 fix(exec): lockdown file permissions (#1060)
  • fcf1651 0.8.4
  • a1111ee Silence potentially upcoming circular dependency warning (#973)
  • d4d1317 0.8.3
  • db317bf Add test case for sed on empty file (#904)
  • 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
  • 6b3c7b1 refactor: don't expose tempdir in common.state (#903)
  • 4bd22e7 chore(ci): fix codecov on travis (#897)
  • 2b3b781 fix: silent exec (#892)
  • 37acb86 chore(npm): add ci-or-install script (#896)
  • 4e861db chore(appveyor): run entire test matrix (#886)
  • d079515 docs: remove gitter badge (#880)
  • 4113a72 grep includes the i flag (#876)
  • 8dae55f Fix(which): match only executable files (#874)
  • 6d66a1a chore: rename some tests (#871)
  • 131b88f Fix cp from readonly source (#870)
  • 1dd437e fix(mocks): fix conflict between mocks and skip (#863)
  • 72ff790 chore: bump dev dependencies and add package-lock (#864)
  • 93bbf68 Prevent require-ing bin/shjs (#848)
  • aa9d443 chore: output npm version in travis (#850)
  • 4733a32 chore(appveyor): do not use latest npm (#847)
  • dd5551d chore: update shelljs-release version (#846)
  • 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Package name: yargs The new version differs by 250 commits.
  • a6e67f1 chore(release): 13.2.4
  • fc13476 chore: update standard-verison dependency
  • bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (#1317)
  • a3a5d05 docs: fix a broken link to MS Terminology Search (#1341)
  • b4f8018 build: add .versionrc that hides test/build
  • 0c39183 chore(release): 13.2.3
  • 08e0746 chore: update deps (#1340)
  • 843e939 docs: make `--no-` boolean prefix easier to find in the docs (#1338)
  • 84cac07 docs: restore removed changelog of v13.2.0 (#1337)
  • b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (#1330)
  • c294d1b test: accept differently formatted output (#1327)
  • ac3f10c chore: move .hbs templates into .js to facilitate webpacking (#1320)
  • 0295132 fix: address issues with dutch translation (#1316)
  • 9f2468e doc: clarify parserConfiguration object structure (#1309)
  • e7f2937 chore(release): 13.2.2
  • edd0bb5 test: correct test description
  • 03a9523 chore: forgoing dropping Node 6 until yargs@14 (#1308)
  • 14920d1 docs: remove --save option as it isn't required anymore (#1301)
  • 545c7f1 test: slightly reworded one test
  • 4375680 chore(release): 13.2.1
  • dfcaa68 test: slight edit to test wording
  • 3180224 fix: add zsh script to files array
  • 0a96394 fix: support options/sub-commands in zsh completion
  • 48249a2 chore(release): 13.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

@GeneralX1 GeneralX1 merged commit 28e73f2 into master Feb 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @GeneralX1