Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade npm-check-updates from 2.15.0 to 3.1.10 #115

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade npm-check-updates from 2.15.0 to 3.1.10 #115

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm-check-updates The new version differs by 170 commits.
  • 4eda6ac 3.1.10
  • 1e338b1 Update all dependencies. Guard against undefined packageFile.
  • 18359a5 snyk
  • 1b4eb7d 3.1.9
  • cd8da83 Merge pull request #538 from stoically/proxy-protocol
  • e505c14 Pass protocol into proxy agent instead of secureProxy
  • 9650e79 3.1.8
  • 6788e4b Should not allow wildcards to be outnumbered by non-wildcards. Fixes #531.
  • e7bbbd8 3.1.7
  • 2a409b5 Merge pull request #528 from stoically/ssl-support
  • f5ddee0 3.1.6
  • 4a5bb1c Merge pull request #530 from radkodinev/fix-interactive-prompt-versions
  • 0f00e6e Fix interactive mode prompt - old dependency version shown instead of new
  • 1e59b56 3.1.5
  • cac7777 Colorize change versions before 1.0.0 as breaking. Fixes #529.
  • c4c23a5 Add support for ssl npmrc configurations
  • f5edcde 3.1.4
  • 4e8e2a1 Exit with non-zero error code on unhandled promise rejection. Fixes #527.
  • 1fa021f Merge pull request #526 from nakagawa424/proxy-auth
  • 0ad04a0 fix: proxy.auth for empty username
  • 6bc217b proxy.auth support with WHATWG URL
  • 6d62275 Add proxy.auth support
  • 0d19682 3.1.3
  • ec03dba Merge pull request #525 from stoically/noproxy

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
2a96710 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot