Nishkalkashyap / Quark-electron

Quark is a cross-platform, integrated development environment for rapidly building - functional , prototypal projects, written in HTML, CSS and JavaScript with native desktop app like capabilities.
https://quarkjs.io
GNU General Public License v3.0
239 stars 19 forks source link

[Snyk] Security upgrade recursive-readdir from 2.2.2 to 2.2.3 #55

Open Nishkalkashyap opened 2 years ago

Nishkalkashyap commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: recursive-readdir The new version differs by 13 commits.
  • 959484b 2.2.3
  • 363da21 doc: add release notes for v2.2.3
  • 1840d5a Merge pull request #85 from akerpelm/patch-1
  • d745475 chore: use caret for minimatch dep
  • 7b234f7 Update package.json
  • aee17c0 Merge pull request #73 from jergason/jd/update-infra
  • 06ef9a7 drop support for old non-es6 versions of node, maybe its time?
  • 27c4b8a update travis matrix, bump mocha versions
  • 0d0e8d6 require at least node 0.12, since we use built-in Promises
  • 8cde873 Merge pull request #64 from davidnguyen179/update_readme
  • 88be0f7 Merge pull request #70 from tobiasbueschel/build/package-files
  • 2606a13 Only include index.js when in published npm module
  • d2357e0 update promise readme
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/nishkalkashyap/project/1f69bd6d-330a-4f30-ac57-14a5ddb67367?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/nishkalkashyap/project/1f69bd6d-330a-4f30-ac57-14a5ddb67367?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"71931e44-27ff-454a-bd25-eecb32ea3cb5","prPublicId":"71931e44-27ff-454a-bd25-eecb32ea3cb5","dependencies":[{"name":"recursive-readdir","from":"2.2.2","to":"2.2.3"}],"packageManager":"npm","projectPublicId":"1f69bd6d-330a-4f30-ac57-14a5ddb67367","projectUrl":"https://app.snyk.io/org/nishkalkashyap/project/1f69bd6d-330a-4f30-ac57-14a5ddb67367?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-MINIMATCH-3050818"],"upgrade":["SNYK-JS-MINIMATCH-3050818"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore","merge-advice-badge-shown"],"priorityScoreList":[551]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript//?loc=fix-pr)