ayishagisel / TastyTracker

Using "Build Your First WEB APP" tutorial book by D. Levinson Todd Belton
https://github.com/ayishagisel/TastyTracker
0 stars 0 forks source link

[Snyk] Security upgrade npm from 6.2.0 to 6.6.0 #46

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm The new version differs by 213 commits.
  • bb8688d 6.6.0
  • f277bce doc: update changelog for npm@6.6.0
  • 46639ba chore: Update package-lock.json for https tarball URLs
  • 6c89adb 6.6.0-next.1
  • b9d4dcb update AUTHORS
  • 371442f doc: update changelog for npm@6.6.0
  • c665f35 chore: replace var with const/let in lib/repo.js (#119)
  • 5d07635 doc: fix npm-prefix description (#116)
  • a5c9e6f cli,outdated: default homepage to an empty string (#124)
  • f58b43e audit: report any errors above 400 as potentially not supporting audit (#128)
  • c5b6056 Handle git branch references correctly (#123)
  • 41f1552 deps: updating semver docs
  • 887e943 lru-cache@4.1.5
  • 5777ea8 readable-stream@3.1.1
  • a0a0ca9 pacote@9.3.0
  • 4ffa8a8 query-string@6.2.0
  • 3f40251 npm-pick-manifest@2.2.3
  • 455476c require-inject@1.4.4
  • 740e79e rimraf@2.6.3
  • 09a5c2f semver@5.6.0
  • e4ffc6a unique-filename@1.1.1
  • 8213def npm-packlist@1.2.0
  • 66d60e3 marked@0.6.0
  • 2a59bfc libnpmhook@5.0.2
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic