search

DeviaVir / zenbot

Zenbot is a command-line cryptocurrency trading bot using Node.js and MongoDB.
MIT License
8.21k stars 2.04k forks source link

[Snyk] Upgrade snyk from 1.438.0 to 1.459.0 #2659

Closed DeviaVir closed 3 years ago

DeviaVir commented 3 years ago

Snyk has created this PR to upgrade snyk from 1.438.0 to 1.459.0.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Command Injection
SNYK-JS-LODASH-1040724		 539/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.2		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 539/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 7.2		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: snyk
  • 1.459.0 - 2021-02-22

    1.459.0 (2021-02-22)

    Bug Fixes

    • poetry fix to make sure dependency graph connections are built between pre-existing nodes (45a390a)
  • 1.458.0 - 2021-02-19

    1.458.0 (2021-02-19)

    Features

    • Don't open browser auth if inside container (da53738)
  • 1.457.0 - 2021-02-18

    1.457.0 (2021-02-18)

    Features

    • add init-script argument to CLI for gradle (859f71d)
  • 1.456.0 - 2021-02-17

    1.456.0 (2021-02-17)

    Features

    • adds support for critical severity (cc8730e)
  • 1.455.0 - 2021-02-15

    1.455.0 (2021-02-15)

    Features

  • 1.454.0 - 2021-02-12
    • feat: add Visual Studio as an official integration
  • 1.453.0 - 2021-02-12

    Fixes

    • Replace lodash package with lodash subpackages
  • 1.452.0 - 2021-02-11

    Includes fix to consider hyphens and underscores to be equivalent in package name comparisons in Poetry

  • 1.451.0 - 2021-02-11

    Release Notes pending

  • 1.450.0 - 2021-02-10

    Bumps the python plugin to include the following fixes for poetry:

    • Stop parser from trying to look up packages not propagated to the lockfile (wheel, distributed, pip, setuptools)
    • Stop parser from failing when failing to locate dependency in lockfile and instead log a warning. This could be because of python requirements allowing it in the manifest but not actually installing it and adding a lockfile entry or because of how Poetry treats the use of underscores and hyphens when installing packages
    • Reversed PR that introduced swapping underscores in manifest for hyphens in lockfile. This was due to a misunderstanding of how Poetry worked and is remediated by the above.
  • 1.449.0 - 2021-02-10
  • 1.448.0 - 2021-02-09
  • 1.447.0 - 2021-02-08
  • 1.446.0 - 2021-02-05
  • 1.445.0 - 2021-02-04
  • 1.444.0 - 2021-02-04
  • 1.443.0 - 2021-02-04
  • 1.442.0 - 2021-02-04
  • 1.441.0 - 2021-02-04
  • 1.440.5 - 2021-02-03
  • 1.440.4 - 2021-02-01
  • 1.440.3 - 2021-02-01
  • 1.440.2 - 2021-02-01
  • 1.440.1 - 2021-01-28
  • 1.440.0 - 2021-01-28
  • 1.439.4 - 2021-01-28
  • 1.439.3 - 2021-01-27
  • 1.439.2 - 2021-01-27
  • 1.439.1 - 2021-01-25
  • 1.439.0 - 2021-01-21
  • 1.438.0 - 2021-01-20
from snyk GitHub release notes
Commit messages
Package name: snyk
  • 9645a3e Merge pull request #1653 from snyk/fix/bump-python-plugin-version
  • 45a390a fix: bump snyk-python-plugin
  • 5391431 Merge pull request #1652 from snyk/smoke/fix-broken-test
  • fbe3e64 test: iac test will run only in regression tests
  • 629d571 test: fix broken test
  • 3775fcd Merge pull request #1648 from snyk/refactor/iac-test-documentation
  • 9036298 refactor: improve iac test error messages & remove irrelevant tests
  • 23a8655 Merge pull request #1645 from snyk/feat/docker-auth
  • da53738 feat: Don't open browser auth if inside container
  • eae7385 Merge pull request #1650 from snyk/chore/remove-dev-package-publish
  • b91a33f chore: remove dev-release package publishing
  • c508c1f Merge pull request #1647 from snyk/feat/init-script
  • 859f71d feat: add init-script argument to CLI for gradle
  • 787308d Merge pull request #1627 from snyk/chore/update-critical-sev-colour
  • a52dcae Merge pull request #1619 from snyk/chore/enhance-ci-job-parallelism
  • 42e421c chore: additional formatting cleanup
  • 96f619e chore: export function to map severity to color
  • ea94dea chore: unified place for severity-to-color mapping
  • cc8730e feat: adds support for critical severity
  • edf422e Merge pull request #1566 from snyk/orfattal-cla-update
  • fbf8d7d chore: rebase after Node 8 deprecation and update remote docker settings
  • 7829fdc chore: replace `unix` with `linux`
  • 6520555 chore: run tests suites in parallel
  • a3b9001 Merge pull request #1639 from snyk/feat/drop-node-8-support
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.