Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade chownr from 1.0.1 to 1.1.3 #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade chownr from 1.0.1 to 1.1.3 #5

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade chownr from 1.0.1 to 1.1.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2019-09-25.

The recommended version fixes:

Severity Issue Exploit Maturity
Time of Check Time of Use (TOCTOU)
npm:chownr:20180731		 No Known Exploit
Release notes
Package name: chownr from chownr GitHub release notes
Commit messages
Package name: chownr
  • deaa058 1.1.3
  • 190e311 Don't early-capture the fs.lchownSync method
  • df2826a push to git with 1 command, not 2
  • cf3b27b 1.1.2
  • da434c3 .travis version update
  • 32723fe Remove fundamentally broken symlink tests
  • b06e7ef Handle EISDIR from lchown in node <10.6
  • 7a5c3d5 1.1.1
  • 03eb97e Fix bug working on network-path files on windows
  • 76c21fa 1.1.0
  • e8f0dc7 auto-publish scripts
  • b196e0e add tests for old readdir support
  • e06dd8a Avoid unnecessary stats on node v10.10 and above
  • 36a93e3 use lchown to address part 1 of TOCTOU issue
  • a631d84 use lchown instead of chown, if available
  • cdd4ce7 use modern JavaScript
  • d548650 update tap
  • 924de1e update travis

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"chownr","from":"1.0.1","to":"1.1.3"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/purplebacon/project/28daa3aa-edf6-43ca-8b8a-19d60da5f794?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"28daa3aa-edf6-43ca-8b8a-19d60da5f794","env":"prod","prType":"upgrade","vulns":["npm:chownr:20180731"],"issuesToFix":[{"issueId":"npm:chownr:20180731","severity":"medium","title":"Time of Check Time of Use (TOCTOU)","exploitMaturity":"no-known-exploit"}],"upgrade":["npm:chownr:20180731"],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2019-09-25T05:49:10.172Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@snyk-bot