Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 2 vulnerabilities #884

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Fix for 2 vulnerabilities #884

wants to merge 1 commit into from

Conversation

aliscco
Copy link
Owner

@aliscco aliscco commented Nov 29, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node_modules/eslint-module-utils/node_modules/ms/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint The new version differs by 250 commits.
  • 80b8d5d 5.5.0
  • b68e403 Build: changelog update for 5.5.0
  • 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
  • 5103ee7 Docs: Add Brackets integration (#10813)
  • b61d2cd Update: max-params to only highlight function header (#10815)
  • 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
  • 2824d43 Docs: fix comment placement in a code example (#10799)
  • 10690b7 Upgrade: devdeps and deps to latest (#10622)
  • 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
  • cb946af Chore: use meta.messages in some rules (1/4) (#10764)
  • a857cd9 5.4.0
  • 8dee250 Build: changelog update for 5.4.0
  • a70909f Docs: Add jscs-dev.github.io links (#10771)
  • 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
  • 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
  • 985567d Chore: rm unused dep string.prototype.matchall (#10756)
  • f3d8454 Update: Improve no-extra-parens error message (#10748)
  • 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
  • 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
  • 137140f Chore: use eslintrc overrides (#10677)
  • 2af6f4f 5.3.0
  • 11e70c7 Build: changelog update for 5.3.0
  • dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
  • 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: husky The new version differs by 20 commits.

See the full diff

Package name: lint-staged The new version differs by 250 commits.
  • 885a644 Merge pull request [Snyk] Fix for 3 vulnerabilities #852 from okonet/listr2
  • aba3421 fix: all lint-staged output respects the `quiet` option
  • b8df31a fix: do not show incorrect error when verbose and no output
  • eed6198 style: simplify eslint and prettier config
  • b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
  • 2c6f3ad docs: improve `verbose` description
  • e749a0b test: remove redundant, misbehaving test
  • 16848d8 fix: use test renderer during tests and when TERM=dumb
  • efffa22 test: cover `--verbose` option usage
  • 1b18550 test: restore variable in test output
  • 6aede38 test: add test for error during merge state restoration
  • b565481 test: integration test targets the full Node.js API instead of just `runAll`
  • a3bd9d7 feat: allow specifying `cwd` using the Node.js API
  • 85de3a3 feat: add `--verbose` to show output even when tasks succeed
  • d69c65b fix: log task output after running listr to keep everything
  • e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
  • 6da7667 refactor: move messages to separate file
  • 6392480 refactor: use symbols for errors
  • 8f32a3e feat: replace listr with listr2 and print errors inline
  • c9adca5 fix: use stash create/store to prevent files from disappearing from disk
  • e093b1d fix(deps): update dependencies
  • 6066b07 fix: pass correct path to unstaged patch during cleanup
  • 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
  • 1ac6863 Merge pull request [Snyk] Fix for 1 vulnerabilities #837 from okonet/serial-git-add

See the full diff

Package name: mocha The new version differs by 41 commits.
  • 82d879f Release v3.5.0
  • bf687ce update mocha.js for v3.5.0
  • ec73c9a update date for release of v3.5.0 in CHANGELOG [ci skip]
  • 1ba2cfc update CHANGELOG.md for v3.5.0 [ci skip]
  • 065e14e remove custom install script from travis (no longer needed)
  • 4e87046 update karma-sauce-launcher URL for npm@5
  • 6886ccc increase timeout for slow-grepping test
  • 2408d90 Make dependencies use older version of readable-stream to work around incompatibilities introduced by 2.3.0 on June 19th
  • 68a1466 Try not clearing the env for debug in the integration test and see if that fixes Node 0.10 on AppVeyor; if need be, some other fix/workaround can be applied to handle whatever was up with debug without causing this issue
  • 958fbb4 Update new tests to work in browser per test hierarchy reorganization
  • 1df7c94 Merge pull request #2704 from seppevs/increase_test_coverage_of_mocha_js
  • 1f270cd Stop timing out (#2889)
  • 27c7496 upgrade to debug@2.6.8; closes #2859 (#2860)
  • 50fc47d fix CI; closes #2867 (#2868)
  • 1b1377c Add test for ignoreLeaks and fix descriptions
  • a763592 Linting
  • ebb7b48 increase test coverage of mocha.js
  • 7647e18 Linting: enforce unix line endings. Closes #2800
  • f20de56 reorganize test hierarchy; closes #2838
  • 2bc9c4d Add --forbid-only and --forbid-pending options (#2696)
  • 2928b38 ignore lockfiles for now
  • 95cf2c4 fixed array test name in mocha/test/browser/index.html
  • c0b5990 Pass flags for NAPI modules
  • e00d27b Set Node.js v.8 as a default version

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@aliscco aliscco mentioned this pull request Dec 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@aliscco @snyk-bot