[Snyk] Fix for 4 vulnerabilities #24

Open: wants to merge 1 commit into base: caribou


snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342073 | Yes | Proof of Concept |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342082 | Yes | Proof of Concept |
| medium severity | 611/1000. Why? Recently disclosed, Has a fix available, CVSS 6.5 | Information Exposure, SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @semantic-release/github The new version differs by 30 commits.
  • f004904 fix: adapt location to load ROUTES
  • 207b990 fix(package): @octokit/rest v16
  • d2e397a fixup! test: adapt for GitHub’s REST API changes – mutating labels endpoints now accept a "labels" namespace
  • b0eb9bd fix: rename deprecated `@octokit/rest` methods
  • caf1d52 test: adapt for GitHub’s REST API changes – mutating labels endpoints now accept a "labels" namespace
  • 893403c build(package): @octokit/rest@^15.18.0
  • fe2a3fc style: fix prettier errors
  • dd8bc4d docs: update typos in code comment
  • d51858e fix: handle repository rename with search API
  • 83444bf fix: fix globbed asset sorting and deduping
  • 4748c8a chore(package): update @octokit/rest to version 15.13.1
  • 072b112 feat: add labels to PRs and issues fixed in a release
  • c15ca0b feat: allow to disable opening and commenting on issues
  • a5c4384 docs: harmonize docs with other plugins
  • 1d3c87f fix: typos in error messages
  • cb85170 chore(package): update commitizen to version 3.0.0
  • 10f8178 test: remove unnecessary `serial` tests
  • 82e17c0 chore(package): update nock to version 10.0.0
  • d25b379 fix(package): update debug to version 4.0.0
  • e2eaac8 chore(package): update xo to version 0.23.0
  • 14283d1 fix(package): update issue-parser to version 3.0.0
  • 704ac79 fix: deduplicate glob results by resolved path
  • 2090a90 chore(package): update xo to version 0.22.0
  • 152fe32 fix: compare release and PR commits with merge_commit_sha

See the full diff

Package name: git-url-parse The new version differs by 10 commits.

See the full diff

Package name: marked The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
