Closed snyk-bot closed 5 months ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 8.1
SNYK-JS-AJV-584908
Why? Has a fix available, CVSS 5.3
SNYK-JS-GLOBPARENT-1016905
Why? Has a fix available, CVSS 5.9
SNYK-JS-MARKED-584281
Why? Has a fix available, CVSS 8.2
SNYK-JS-SEMANTICRELEASE-1041706
Why? Has a fix available, CVSS 4.3
SNYK-JS-SEMVERREGEX-1047770
Why? Has a fix available, CVSS 5.9
SNYK-JS-STYLELINT-460283
Why? Has a fix available, CVSS 7.5
SNYK-JS-TRIMNEWLINES-1298042
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-YARGSPARSER-560381
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: eslint
The new version differs by 148 commits.- 36ced0a 5.0.0
- 5fd5632 Build: changelog update for 5.0.0
- 0feedfd New: Added max-lines-per-function rule (fixes #9842) (#10188)
- daefbdb Upgrade: eslint-scope and espree to 4.0.0 (refs #10458) (#10500)
- 077358b Docs: no-process-exit: recommend process.exitCode (#10478)
- f93d6ff Fix: do not fail on unknown operators from custom parsers (fixes #10475) (#10476)
- 05343fd Fix: add parens for yield statement (fixes #10432) (#10468)
- d477c5e Fix: check destructuring for "no-shadow-restricted-names" (fixes #10467) (#10470)
- 7a7580b Update: Add considerPropertyDescriptor option to func-name-matching (#9078)
- e0a0418 Fix: crash on optional catch binding (#10429)
- de4dba9 Docs: styling team members (#10460)
- 5e453a3 Docs: display team members in tables. (#10433)
- b1895eb Docs: Restore intentional spelling mistake (#10459)
- a9da57d 5.0.0-rc.0
- 3ac3df6 Build: changelog update for 5.0.0-rc.0
- abf400d Update: Add ignoreDestructing option to camelcase rule (fixes #9807) (#10373)
- e2b394d Upgrade: espree and eslint-scope to rc versions (#10457)
- a370da2 Chore: small opt to improve readability (#10241)
- 640bf07 Update: Fixes multiline no-warning-comments rule. (fixes #9884) (#10381)
- 831c39a Build: Adding rc release script to package.json (#10456)
- dc4075e Update: fix false negative in no-use-before-define (fixes #10227) (#10396)
- 3721841 Docs: Add new experimental syntax policy to README (fixes #9804) (#10408)
- d0aae3c Docs: Create docs landing page (#10453)
- fe8bec3 Fix: fix writing config file when `source` is `prompt` (#10422)
See the full diffPackage name: semantic-release
The new version differs by 194 commits.- 52238cb fix(deps): Require find-versions ^4.0.0 (#1722)
- af596a9 docs: semantic-release SVG logo (#1715) thanks @ bromso
- 6c7e4be docs: add semantic-release-helm plugin (#1713)
- c177d4b docs: add semantic-release-pypi plugin (#1707)
- eb70823 docs: add semantic-release-license-plugin (#1701)
- 885d87a feat(docs): note that publish token is required (#1700)
- f8f8fbc fix: escape uri encoded symbols (#1697)
- c8d38b6 style: removed line breaks to align with xo rule (#1689)
- ca90b34 fix: mask secrets when characters get uri encoded
- 63fa143 docs(plugins): add listing for new plugin (#1686)
- 2bf3771 fix: use valid git credentials when multiple are provided (#1669)
- 77a75f0 fix: don't parse port as part of the path in repository URLs (#1671)
- d74ffef docs: add npm-deprecate-old-versions in plugins list (#1667)
- 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"
- b8fb35c feat: throw an Error if package.json has duplicate "repository" key (#1656)
- 18e35b2 docs: reorder default plugins list (#1650)
- e35e5bb docs(contributing): fix commit message examples (#1648)
- 311c465 docs(README): welcome @ travi, add alumni section
- b4c5d0a fix: add logging for when ssh falls back to http (#1639)
- c982249 docs(contributing): typo fix (#1638)
- 9635f50 docs: improve github actions recipe on git plugin (#1626)
- d036a89 ci(docs): use actions/checkout@v2 (#1620)
- 9303d1d docs(resources.md): added more sematnic release article (#1610)
- b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)
See the full diffPackage name: stylelint
The new version differs by 250 commits.- 04af9e4 13.0.0
- 704f6a2 Prepare 13.0.0
- 50ba8a9 Reorder changelog
- 1666bba Update devDependencies (#4542)
- 062d298 Reindent nodejs.yml (#4541)
- a24e44a Fix atypical rule README structure (#4537)
- 616ad71 Bump husky from 4.0.3 to 4.0.6 (#4536)
- 5e58ee7 Bump globby from 10.0.2 to 11.0.0 (#4528)
- eaee6a4 Refactor CLI options definition (#4530)
- 6a2ffbd Fix plugin path
- 644b713 Fix Windows path problem
- 1005cbd Add info about invalid syntax in FAQ (#4535)
- 18b1f99 Fix help text indentation (#4531)
- d3c4a9f Update CHANGELOG.md
- 32f67e7 Update CHANGELOG.md
- 04ec577 Bump globby from 10.0.1 to 11.0.0
- d9dbce2 Process multiple spaces in media-feature-parentheses-space-inside (#4513)
- 1dc203e Regenerate package-lock.json (#4517)
- 36bf292 Bump husky from 3.1.0 to 4.0.3 (#4527)
- f5529d5 Bump @ types/micromatch from 3.1.1 to 4.0.0 (#4526)
- a254fd2 Bump got from 10.2.0 to 10.2.1 (#4525)
- f2e9f02 Bump remark-validate-links from 9.0.1 to 9.1.0 (#4524)
- 74d5233 Remove unneeded `@ types/meow` package (#4523)
- cef0b95 Update CHANGELOG.md
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic