TheNewSource / docs

learn you some npm for great good
https://docs.npmjs.com
0 stars 0 forks source link

[Snyk] Security upgrade harp from 0.25.0 to 0.30.0 #58

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: harp The new version differs by 30 commits.
  • d93ef32 adds Roger K. and Claus Colloseus to contributor list
  • 2243905 version bump v0.30.0. adds Marco Emrich to contributor list
  • 289d82d Merge branch 'marcoemrich-master'
  • ba02da7 fixes dep command in directory overite test
  • 31af199 Merge https://github.com/sintaxi/harp
  • 4eaacab downgrade send back to 0.15.6
  • c409afb Update SECURITY.md
  • 909df45 adds SECURITY.md file
  • 7ffe86e npm audit fix
  • 56080e1 upgrade connect, change basic auth
  • ebf786d upgrade mocha
  • 6b88670 upgrade connect
  • f8efe7b npm audit fix
  • c730737 Merge pull request #640 from ccprog/ccprog-patch-compile
  • b90a676 route travis to Trusty build/w docker
  • 4ec315a Merge branch 'master' into ccprog-patch-compile
  • 33518de updated @ types/babel-types L17, jsonparse L25, and through L26
  • 0fc5157 updates terraform which adds yaml support.
  • e9d6f66 version bump v0.28.1
  • d0b6592 Merge pull request #636 from Yajo/docker
  • 926b88a updates terraform v1.6.1
  • cd3d119 changes harp.nu to lvh.me
  • ea42aaa Add official dockerfile
  • 153f495 version bump v0.27.0 adds bundle.cjs support
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic