Closed atomist[bot] closed 3 years ago
This pull request fixes all 2 moderate security vulnerabilities open on e0e19bc.
npm audit fix updated the following npm dependencies:
hosted-git-info
path-parse
The following security vulnerabilities are fixed:
Regular Expression Denial of Service in path-parse. Upgrade to version 1.0.7 or later.
moderate · <1.0.7 · CVE-2021-23343 · automatic fix available
path-parse@1.0.6
@atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > resolve > path-parse
Regular Expression Denial of Service. Upgrade to version 3.0.8 or later.
moderate · <2.8.9 || >=3.0.0 <3.0.8 · CVE-2021-23362 · automatic fix available
hosted-git-info@2.8.8
@atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > hosted-git-info
File changed:
package-lock.json
atomist/npm-vulnerability-scanner-skill · Configure
Pull request auto merged:
This pull request fixes all 2 moderate security vulnerabilities open on e0e19bc.
npm audit fix updated the following npm dependencies:
hosted-git-info 2.8.8 > 2.8.9
path-parse 1.0.6 > 1.0.7
Fixed vulnerabilities
The following security vulnerabilities are fixed:
path-parse
Regular Expression Denial of Service in path-parse. Upgrade to version 1.0.7 or later.
moderate · <1.0.7 · CVE-2021-23343 · automatic fix available
path-parse@1.0.6 · 1 vulnerable path
@atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > resolve > path-parse
hosted-git-info
Regular Expression Denial of Service. Upgrade to version 3.0.8 or later.
moderate · <2.8.9 || >=3.0.0 <3.0.8 · CVE-2021-23362 · automatic fix available
hosted-git-info@2.8.8 · 1 vulnerable path
@atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > hosted-git-info
File changed:
package-lock.json