search

TreeGateway / tree-gateway

This is a full featured and free API Gateway
http://treegateway.com
MIT License
189 stars 42 forks source link

[Snyk] Security upgrade micromatch from 3.1.10 to 4.0.0 #189

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 691/1000
Why? Recently disclosed, Has a fix available, CVSS 8.1		 Prototype Pollution
SNYK-JS-CACHEBASE-1054631		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: micromatch The new version differs by 29 commits.
  • 89efcff 4.0.0
  • f3238cb Merge pull request #151 from micromatch/dev
  • 7c78f9a ensure args are strings
  • 2e42796 bump picomatch
  • 09f8260 windows, it's time we had a talk...
  • a49f94c fix slashes in tests
  • a6ab670 use braces patch, build readme
  • 976d956 upgrade braces and picomatch
  • a6596da add benchmarks
  • 11168b1 rename unixify to windows
  • 5bf40fe package.json: Use github versions of deps to test the env.
  • 5d78d48 Drop node v6 since picomatch doesnt support it.
  • 96ac3ba Remove duplicate node. Remove unsupported node v7.
  • bf44408 Merge branch 'master' into dev
  • b8abcf9 Merge remote-tracking branch 'origin/dev'
  • e07df11 rebuild docs
  • 47340ad Merge remote-tracking branch 'origin/master' into dev
  • 52df06d refactor
  • 09bd55c Merge pull request #149 from Glazy/hotfix/issue-template-update
  • c32543d Add myself to package.json contributors list
  • 86858bf Update issue template w/ typo and question change
  • f2ce9d2 Merge pull request #130 from wtgtybhertgeghgtwtg/unescape
  • 677f127 Merge pull request #134 from Tvrqvoise/v3-changelog
  • 4a70a66 Merge pull request #141 from simlu/patch-1
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic