[Snyk] Upgrade cfenv from 1.2.2 to 1.2.4

[snyk-bot]

Snyk has created this PR to upgrade cfenv from 1.2.2 to 1.2.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2021-04-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Remote Code Execution (RCE) SNYK-JS-PUGCODEGEN-1082232	405/1000 Why? CVSS 8.1	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-PUG-1071616	405/1000 Why? CVSS 8.1	No Known Exploit
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	405/1000 Why? CVSS 8.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	405/1000 Why? CVSS 8.1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: cfenv

• 1.2.4 - 2021-04-07
  No content.
• 1.2.3 - 2020-07-24
  

  version 1.2.3

• 1.2.2 - 2019-03-26
  No content.

from cfenv GitHub release notes

Commit messages

Package name: cfenv

• fb0a2aa update dependencies, now at version 1.2.4
• 63e072a version 1.2.3
• 02bb92d Issue 45 Remove '.cfignore'

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs