Closed snyk-bot closed 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF)
Resolved as a part of #1076
droguljic
commented
1 year ago droguljic
commented
1 year ago
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5
SNYK-JS-PARSEURL-3023021
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5
SNYK-JS-PARSEURL-3024398
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: lerna
The new version differs by 182 commits.- 6a0c3fb chore(release): v5.5.2
- ebf6542 fix(run): warn on incompatible arguments with useNx (#3326)
- 068830e fix(run): missing `fs-extra` dependency declaration (#3332)
- 7971a60 chore(deps): bump parse-url and git-url-parse (#3330)
- 96b6f04 chore: fix formatting after release
- 9f119b0 chore(release): v5.5.1
- 99a13a9 fix(run): exclude dependencies with --scope when nx.json is not present (#3316)
- 1343b9f chore: update cache-tasks.md (#3291)
- 4cb2ac9 chore: update getting-started.md (#3293)
- f6717ea chore(run): Update deprecated nx arg _ to __overrides__ (#3315)
- 036b984 chore(version): add GH_TOKEN scope requirements for --create-release option (#3318)
- f30e550 chore(website): fix typo on configuration page (#3319)
- 746ce33 fix(core): prevent validation error in version/publish with `workspace:` prefix (#3322)
- 674ffd3 chore: fix formatting
- 5a69ce5 chore: fixes post release
- bc3eb99 chore(release): v5.5.0
- a3165c1 chore: update nx
- 1b18dbe feat: pnpm workspaces support (#3284)
- 1d6a6f5 chore(deps-dev): bump @ actions/core from 1.8.2 to 1.9.1 (#3299)
- d261112 Revert "feat(repair): add lerna repair command" (#3313)
- 8fe2220 chore(website): add announcement banner lerna talks
- f5c8480 fix(version): only update existing lockfile deps (#3308)
- aae1a2b feat(repair): add lerna repair command (#3302)
- a248165 chore: fix typo in how-caching-works.md (#3292)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF)