[Snyk] Upgrade nconf from 0.7.2 to 0.11.3

[snyk-bot]

Snyk has created this PR to upgrade nconf from 0.7.2 to 0.11.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.
• The recommended version was released 9 months ago, on 2021-06-21.

Release notes

Package name: nconf

• 0.11.3 - 2021-06-21
  

  Fixes:

  • Handle case where parsed config object doesn't have a prototype (#365) (@ ilkkao)
• 0.11.2 - 2021-01-26
  

  This release resolves several security vulnerabilities by upgrading underlying packages.

• 0.11.1 - 2021-01-08
  

  This release resolves several security vulnerabilities by upgrading underlying packages.

• 0.11.0 - 2020-11-24
  

  This release resolves several security vulnerabilities by upgrading underlying packages.

  WARNING: Due to upstream packages updates, this may cause issues with older Node.js versions (e.g. Node.js v8.x). Those older Node releases are out of support anyway, so you shouldn't use them, but be aware of this possibility.

• 0.10.0 - 2017-12-18
  

  0.10.0

• 0.9.1 - 2017-11-04
  

  0.9.1

• 0.9.0 - 2017-11-04
• 0.8.5 - 2017-09-27
• 0.8.4 - 2016-02-03
• 0.8.3 - 2016-02-02
• 0.8.2 - 2015-10-07
• 0.8.1 - 2015-10-02
• 0.8.0 - 2015-09-20
• 0.7.2 - 2015-08-04

from nconf GitHub release notes

Commit messages

Package name: nconf

• 218059e 0.11.3
• dc8c3d6 Handle case where parsed config object hasn't prototype (feat: bump snyk-docker-plugin to include openjdk analyser fix #365)
• b1914ae 0.11.2
• 54bd403 chore: upgrade deps to fix security vulns
• e6dfa5d 0.11.1
• 709cc60 Bump node-notifier from 8.0.0 to 8.0.1 (feat: use jsdiff instead of 'patch' to reduce dependency on OS binaries #355)
• eca2bf3 Bump ini from 1.3.5 to 1.3.6 (feat: move fixed in calculation for os packages to phoenix #353)
• 85229df chore: enable circleci
• 91e9106 chore: update changelog
• 4122731 0.11.0
• 56794d1 chore: upgrade deps to fix security vulns
• 1392ac4 0.10.0
• 01f25fa Regex as env separator (fix: move to the new version of nodejs-lockfile-parser  #288)
• 16667be Argv store separator (#291)
• bac910a 0.9.1
• 2bdf7e1 Clean Argv Store options (feat: bump docker plugin version #290)
• b9321b2 transformer can now return an undefined key (#289)
• 81ce0be Update changelog
• b1ee63c fix error in transform function when dealing with dropped entries (feat: bump docker plugin #287)
• 9f70ba1 [doc] Update changelog
• 8afcf99 [dist] Version bump. 0.9.0
• b41c505 Save conf to dedicated file (#283)
• 52e0a35 Update changelog
• fa215a4 add tests for the normal configuration of yargs via argv

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs