Snyk has created this PR to upgrade @commitlint/cli from 8.1.0 to 8.3.6.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 8 versions ahead of your current version.
The recommended version was released 7 months ago, on 2021-11-17.
Snyk has created this PR to upgrade @commitlint/cli from 8.1.0 to 8.3.6.
The recommended version fixes:
SNYK-JS-LODASHTEMPLATE-1088054
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-LODASH-608086
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-LODASH-567746
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-LODASH-1040724
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-INI-1048974
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-TRIMOFFNEWLINES-1296850
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-PATHPARSE-1077067
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-LODASH-1018905
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-HOSTEDGITINFO-1088355
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-MINIMIST-2429795
Why? Proof of Concept exploit, CVSS 7.2
SNYK-JS-MINIMIST-2429795
Why? Proof of Concept exploit, CVSS 7.2
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: @commitlint/cli
-
8.3.6 - 2021-11-17
-
8.3.5 - 2020-01-15
-
8.3.4 - 2020-01-03
-
8.3.3 - 2019-10-22
-
8.3.2 - 2019-10-22
-
8.3.1 - 2019-10-16
-
8.3.0 - 2019-10-16
-
8.2.0 - 2019-09-16
-
8.1.0 - 2019-07-15
from @commitlint/cli GitHub release notes8.3.6 (2021-11-17)
Note: Version bump only for package @ commitlint/root
chore: update lodash to 4.17.21
SECURITY: CVE-2021-23337 in package lodash https://nvd.nist.gov/vuln/detail/CVE-2021-23337
Commit messages
Package name: @commitlint/cli
- 9ef77c2 v8.3.6
- 6a82f76 chore: update lock file
- 1410887 chore: update lodash to 4.17.21 (#2688)
- b39e1ad v8.3.5
- 09e9cde chore: update lockfile with updated types dependencies
- aabc549 fix(is-ignored): move types to dev dependencies (#897)
- 02b5899 docs: use latest node in travis guide (#871)
- 5d6bf9a docs: add options parameter for load function (#867)
- b131a18 fix(resolve-extends): move node types to dev dependencies (#883)
- 3fce339 v8.3.4
- 6b3b9a9 fix(commitlint): use new read pkg syntax (#888)
- 5fd8a69 chore: update dependency @ types/node to v12.11.5 (#838)
- 8fc4872 chore: update dependency lerna to v3.18.3 (#837)
- 9a1dd6f v8.3.3
- 11b920b chore: update dependency conventional-changelog-conventionalcommits to v4.2.1 (#836)
- 3ed8009 fix(load): add support for non-factory conventional parsers (#839)
- 0382070 v8.3.2
- dcc83db chore: pin dependency conventional-changelog-conventionalcommits to 4.1.0 (#829)
- 489a5f3 chore: update dependency @ types/jest to v24.0.19 (#827)
- aa4f7c3 chore: update dependency typescript to v3.6.4 (#824)
- 24b6e55 chore: update lerna monorepo (#823)
- 84500ff chore: update dependency which to v2 (#814)
- 572a52c chore: update dependency @ types/node to v12.11.2 (#813)
- 81c74e7 chore: update dependency cross-env to v6.0.3 (#811)
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs