atomist-skills / github-auto-merge-skill

Atomist Skill to merge Pull Requests on GitHub
Apache License 2.0

Fix 2 npm dependencies #308

Closed atomist[bot] closed 3 years ago

atomist[bot] commented 3 years ago

This pull request fixes 1 moderate security vulnerability open on 3ed9c6d but 1 critical and 1 moderate vulnerabilities remain open and need manual review.

npm audit fix updated the following npm dependencies:


Fixed vulnerabilities

The following security vulnerabilities are fixed:

  • path-parse

    Regular Expression Denial of Service in path-parse · Upgrade to version 1.0.7 or later · moderate · <1.0.7 · CVE-2021-23343 · automatic fix available

    path-parse@1.0.6 · 1 vulnerable path
      • @atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > resolve > path-parse

  • hosted-git-info

    Regular Expression Denial of Service in hosted-git-info · Upgrade to version 2.8.9 or later · moderate · <2.8.9 · CVE-2021-23362 · automatic fix available

    hosted-git-info@2.8.8 · 1 vulnerable path
      • @atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > hosted-git-info

Open vulnerabilities

The following security vulnerabilities remain open and need manual review:

  • lodash

    Arbitrary code execution in lodash · None · critical · <=4.17.21 · CVE-2021-41720 · automatic fix available

    lodash@4.17.21 · 10 vulnerable paths
      • @atomist/skill > @graphql-codegen/cli > @graphql-codegen/core > @graphql-codegen/plugin-helpers > lodash
      • @atomist/skill > @graphql-codegen/cli > @graphql-codegen/plugin-helpers > lodash
      • @atomist/skill > @graphql-codegen/cli > @graphql-tools/prisma-loader > @graphql-tools/url-loader > lodash
      • @atomist/skill > @graphql-codegen/cli > @graphql-tools/prisma-loader > lodash
      • @atomist/skill > @graphql-codegen/cli > @graphql-tools/url-loader > lodash
      • @atomist/skill > @graphql-codegen/cli > graphql-config > @graphql-tools/url-loader > lodash
      • @atomist/skill > @graphql-codegen/cli > inquirer > lodash
      • @atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/typescript > @graphql-codegen/plugin-helpers > lodash
      • @atomist/skill > @graphql-codegen/typescript > @graphql-codegen/plugin-helpers > lodash
      • @atomist/skill > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-codegen/plugin-helpers > lodash

  • ansi-regex

    Inefficient Regular Expression Complexity in chalk/ansi-regex · Upgrade to version 5.0.1 or later · moderate · >2.1.1 <5.0.1 · CVE-2021-3807 · automatic fix available

    ansi-regex@3.0.0 · 4 vulnerable paths
      • @atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
      • @atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex
      • @atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
      • @atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex

File changed:


atomist/npm-vulnerability-scanner-skill · Configure

atomist[bot] commented 3 years ago

Pull request auto merged: