[Snyk] Security upgrade simple-bin-help from 1.5.1 to 1.8.0 #9

Open
wants to merge 1 commit into
base: master

dmitriz
Owner

@dmitriz dmitriz commented Jul 22, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-WORDWRAP-3149973 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: simple-bin-help

The new version differs by 96 commits.
  • 2b9d710 fix: use the path
  • 2c4097a feat: use esbuild to bundle all dependencies
  • ab291a4 fix: remove git-issues dev dependency
  • 9d42382 skip audit report
  • bf22413 fix: bump some dependencies
  • 6c055f3 bump debug module
  • 8efc680 command
  • 83f7805 run npm audit on CI
  • 2128fa3 chore(deps): update dependency semantic-release to v19.0.5
  • ae289c1 chore(deps): update dependency semantic-release to v19.0.3
  • 7aaa2a2 chore(deps): update dependency semantic-release to v19 (#99)
  • 2941a98 fix(deps): update dependency update-notifier to v5 (#87)
  • d8638f8 chore(deps): update dependency semantic-release to v18.0.1
  • 5c93c04 Update `standard` to `16.x` + run `standard --fix` + verify linting on CI (#97)
  • 6ca5de9 Merge pull request #94 from bahmutov/renovate/pin-dependencies
  • f953bad chore(deps): pin dependency semantic-release to 18.0.0
  • 4ad3566 fix: upgrade lazy-ass version to v2
  • 67f0a1c fix: update CI badge
  • 47ae0b0 fix: bump release
  • fd18989 fix: remove travis, use github actions to release
  • b6447f5 fix: Use object shorthand for properties
  • 1329857 fix(deps): update dependency debug to v3.2.7
  • e0d377b chore(deps): update dependency semantic-release to v15.14.0
  • 88e1b56 Use object shorthand for properties

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

馃 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973