pull-request-quantifier-deprecated[bot]
commented
2 years ago 
This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!
Quantification details
``` Label : Extra Small Size : +1 -1 Percentile : 0.8% Total files changed: 2 Change summary by file extension: .json : +1 -1 ``` > Change counts above are quantified counts, based on the [PullRequestQuantifier customizations](https://github.com/microsoft/PullRequestQuantifier/blob/main/docs/prquantifier-yaml.md).Why proper sizing of changes matters
Optimal pull request sizes drive a better predictable PR flow as they strike a balance between between PR complexity and PR review overhead. PRs within the optimal size (typical small, or medium sized PRs) mean: - Fast and predictable releases to production: - Optimal size changes are more likely to be reviewed faster with fewer iterations. - Similarity in low PR complexity drives similar review times. - Review quality is likely higher as complexity is lower: - Bugs are more likely to be detected. - Code inconsistencies are more likely to be detected. - Knowledge sharing is improved within the participants: - Small portions can be assimilated better. - Better engineering practices are exercised: - Solving big problems by dividing them in well contained, smaller problems. - Exercising separation of concerns within the code changes. #### What can I do to optimize my changes - Use the PullRequestQuantifier to quantify your PR accurately - Create a context profile for your repo using the [context generator](https://github.com/microsoft/PullRequestQuantifier/releases) - Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the `Excluded` section from your `prquantifier.yaml` context profile. - Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your `prquantifier.yaml` context profile. - Only use the labels that matter to you, [see context specification](./docs/prquantifier-yaml.md) to customize your `prquantifier.yaml` context profile. - Change your engineering behaviors - For PRs that fall outside of the desired spectrum, review the details and check if: - Your PR could be split in smaller, self-contained PRs instead - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR). #### How to interpret the change counts in git diff output - One line was added: `+1 -0` - One line was deleted: `+0 -1` - One line was modified: `+1 -1` (git diff doesn't know about modified, it will interpret that line like one addition plus one deletion) - Change percentiles: Change characteristics (addition, deletion, modification) of this PR in relation to all other PRs within the repository.Was this comment helpful? :thumbsup: :ok_hand: :thumbsdown: (Email) Customize PullRequestQuantifier for this repository.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
 #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **586/1000****Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Open Redirect
[SNYK-JS-NODEFORGE-2330875](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875) | Yes | Proof of Concept  | **529/1000**
**Why?** Has a fix available, CVSS 6.3 | Prototype Pollution
[SNYK-JS-NODEFORGE-2331908](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908) | Yes | No Known Exploit  | **494/1000**
**Why?** Has a fix available, CVSS 5.6 | Improper Verification of Cryptographic Signature
[SNYK-JS-NODEFORGE-2430337](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337) | Yes | No Known Exploit  | **579/1000**
**Why?** Has a fix available, CVSS 7.3 | Improper Verification of Cryptographic Signature
[SNYK-JS-NODEFORGE-2430339](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339) | Yes | No Known Exploit  | **494/1000**
**Why?** Has a fix available, CVSS 5.6 | Improper Verification of Cryptographic Signature
[SNYK-JS-NODEFORGE-2430341](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: node-forge
The new version differs by 68 commits.- 6c5b901 Release 1.3.0.
- 0f3972a Update changelog.
- dc77b39 Fix error checking.
- bb822c0 Add advisory links.
- d4395fe Update changelog.
- a4405bb Improve signature verification tests.
- aa9372d Add missing RFC 8017 algorithm identifiers.
- 3f0b49a Fix signature verification issues.
- c20f309 Adjust remaining length.
- e27f612 Remove unused option.
- 2b1f368 Add fallback to pretty print invalid UTF8 data.
- 7928551 Start 1.2.2-0.
- 2162bfc Release 1.2.1.
- 43a456e Update changelog.
- 2f3820a Refactor logging to avoid use of URLSearchParams.
- 50a20ec Load entire module while testing.
- 1545316 Start 1.2.1-0.
- 866ed40 Release 1.2.0.
- a9f013a Update changelog.
- f8e498a Fix typos.
- 9d8b0ee Add verification helper.
- 2fb9995 Add helper to create signature digest.
- 03d3ed7 Added alternate OID 1.3.14.3.2.29 for sha1 with RSA
- 874cef8 Update changelog.
See the full diff