search

atomist-skills / github-auto-merge-skill

Atomist Skill to merge Pull Requests on GitHub
Apache License 2.0
0 stars 0 forks source link

Fix 2 npm dependencies #304

Closed atomist[bot] closed 3 years ago

atomist[bot] commented 3 years ago

This pull request fixes all 2 moderate security vulnerabilities open on e0e19bc.

npm audit fix updated the following npm dependencies:

Fixed vulnerabilities

Following security vulnerabilities are fixed:

path-parse

Regular Expression Denial of Service in path-parse Upgrade to version 1.0.7 or later moderate · <1.0.7 · CVE-2021-23343 · automatic fix available

path-parse@1.0.6 · 1 vulnerable path
  • @atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > resolve > path-parse

    • hosted-git-info

    Regular Expression Denial of Service Upgrade to version 3.0.8 or later moderate · <2.8.9 || >=3.0.0 <3.0.8 · CVE-2021-23362 · automatic fix available

    hosted-git-info@2.8.8 · 1 vulnerable path
  • @atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > hosted-git-info

    • File changed:

    atomist/npm-vulnerability-scanner-skill · Configure

    atomist[bot] commented 3 years ago

    Pull request auto merged: