Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 2 vulnerabilities #57

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 490/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370
Yes No Known Exploit
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1
Improper Privilege Management
SNYK-JS-SHELLJS-2332187
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint-plugin-mocha The new version differs by 141 commits.
  • b2d8c9e 6.3.0
  • b91a2f8 Update dependencies
  • c470a3d Merge pull request #238 from lo1tuma/fix-nested
  • a18680d Merge pull request #239 from lo1tuma/fix-top-level
  • 2633908 Fix max-top-level-suites to ignore generated suites
  • 46f716d no-hooks-for-single-case: fix false postive in nested suites
  • 1c3a545 Merge pull request #237 from lo1tuma/template-strings
  • 6255546 Check static template strings in valid-test-description and valid-suite-description
  • 7eea93d Merge pull request #236 from lo1tuma/no-hooks-option
  • 8778d96 no-hooks: add option to allow certain kind of hooks
  • 36c9e67 Merge pull request #235 from brettz9/nondeprecated-rule-format
  • 471e354 Switch to nondeprecated eslint rule format
  • 8cf8640 Merge pull request #234 from brettz9/schemas-for-options
  • c1f8049 Merge pull request #229 from brettz9/recommended-rules
  • fdb3843 - Remove regex literal argument; simplify
  • 68a3c07 - Add schemas for options (and remove for files which are using settings)
  • 04cdbaa - Indicate whether rule is recommended (also put into table along with info on whether "fixable")
  • 6ac703b Merge pull request #233 from brettz9/options-in-docs
  • 347d544 Merge pull request #232 from brettz9/regexp-u-flags
  • 57add13 Merge pull request #231 from brettz9/doc-highlighting
  • 07948bd Merge pull request #230 from brettz9/package-lock
  • a147956 Merge pull request #228 from brettz9/fixable
  • f8141df Merge pull request #226 from cruzdanilo/master
  • bdad369 Merge pull request #227 from brettz9/patch-1

See the full diff

Package name: shelljs The new version differs by 32 commits.
  • 70668a4 0.8.5
  • d919d22 fix(exec): lockdown file permissions (#1060)
  • fcf1651 0.8.4
  • a1111ee Silence potentially upcoming circular dependency warning (#973)
  • d4d1317 0.8.3
  • db317bf Add test case for sed on empty file (#904)
  • 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
  • 6b3c7b1 refactor: don't expose tempdir in common.state (#903)
  • 4bd22e7 chore(ci): fix codecov on travis (#897)
  • 2b3b781 fix: silent exec (#892)
  • 37acb86 chore(npm): add ci-or-install script (#896)
  • 4e861db chore(appveyor): run entire test matrix (#886)
  • d079515 docs: remove gitter badge (#880)
  • 4113a72 grep includes the i flag (#876)
  • 8dae55f Fix(which): match only executable files (#874)
  • 6d66a1a chore: rename some tests (#871)
  • 131b88f Fix cp from readonly source (#870)
  • 1dd437e fix(mocks): fix conflict between mocks and skip (#863)
  • 72ff790 chore: bump dev dependencies and add package-lock (#864)
  • 93bbf68 Prevent require-ing bin/shjs (#848)
  • aa9d443 chore: output npm version in travis (#850)
  • 4733a32 chore(appveyor): do not use latest npm (#847)
  • dd5551d chore: update shelljs-release version (#846)
  • 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant