[Snyk] Security upgrade commitlint from 8.2.0 to 9.0.1 - Githubissues

Xesenix / xes-rx-tween

TweenObservable for rxjs.

MIT License

0 stars 0 forks source link

[Snyk] Security upgrade commitlint from 8.2.0 to 9.0.1 #105

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	490/1000 Why? CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: commitlint

The new version differs by 160 commits.

7ff3f29 v9.0.1
09afcd6 fix: add missing @babel/runtime dep #1738 (#1754)
341247b v9.0.0 - further gitHead entries
71f0194 v9.0.0
5bb6907 docs(readme): add install husky example (#1699)
0f0f95a chore: update dependency typescript to v3.8.2 (#1002)
890df29 chore: update dependency @types/node to v12.12.28 (#1001)
6c9ab78 chore: update dependency @types/jest to v25.1.3 (#1000)
882e292 chore: update dependency ts-jest to v25.2.1 (#999)
c3eb1a7 fix: ignore empty commit messages #615 (#676)
8b394c9 feat(config-conventional): footer/body-max-line (#436)
4443062 feat: add async promise based rules methods into lint (#976)
89168b8 chore: update typescript-eslint monorepo to v2.20.0 (#998)
9d14792 chore: update dependency husky to v4.2.3 (#996)
4ee307a fix: update dependency semver to v7.1.3 (#995)
c7cfe37 chore: remove unused configs (#991)
0404c7d chore: update dependency @types/node to v12.12.27 (#994)
34c11b8 fix: incorrect use of when in getForcedCaseFn (#993)
6f80f70 chore: align required globby between packages (#992)
f379dcc refactor: replace lodash/omit with spread (#988)
d5c601f test: add missing test cases for ensure and is-ignored (#987)
ec4af58 docs: update node version support (#986)
f74e036 chore: upgrade execa to 3.4.0 (#984)
c49a57c feat: passdown argv to lint command (#891)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

coveralls commented 3 years ago

Coverage remained the same at 100.0% when pulling 1c0aef00e111bacfacf9d1f9c493217ae5bea445 on snyk-fix-548f50053c1804f2ea4520c97c9a59e3 into 68ad57b991898fc88b45e7b901059a4bb7977a6a on master.