[Snyk] Security upgrade generator-license from 5.1.0 to 5.5.0 - Githubissues

commonality / generator-community

䷤ Generate README, CODE_OF_CONDUCT, CONTRIBUTING, LICENSE, ISSUE_TEMPLATE, and PULL_REQUEST_TEMPLATE repository docs to encourage consumption and invite contributions.

MIT License

9 stars 7 forks source link

[Snyk] Security upgrade generator-license from 5.1.0 to 5.5.0 #29

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: generator-license

The new version differs by 33 commits.

86b7afb generator-license v5.5 (#102)
ff14960 Bump ws from 7.2.1 to 7.4.6 (#101)
cbbdaaa Bump hosted-git-info from 2.5.0 to 2.8.9 (#100)
5d79735 Bump lodash from 4.17.19 to 4.17.21 (#99)
c616837 Bump y18n from 4.0.0 to 4.0.1 (#98)
561c3d9 Bump lodash from 4.17.15 to 4.17.19 (#97)
42ce3b5 Update libraries with npm audit fix
e5b53f3 Bump handlebars from 4.1.2 to 4.5.3 (#96)
cdb6833 Bump mixin-deep from 1.3.1 to 1.3.2 (#94)
7d11095 Bump lodash from 4.17.11 to 4.17.15 (#95)
712e105 Update packages to latest version
451301b Add nodejs 12 to build matrix
4e1438f Update packages to fix security errors
cc86072 Remove nsp tool and switch to npm audit
aeb9d17 Remove the old NodeJS 6 from builds
674f4dc Update build matrix; Fix #91
5a455d4 5.4.0
9ec3d42 Add the `publish` option (#82)
9959d5a Bump dependencies
c092604 5.3.0
a1446b9 Update lock format and travis matrix
6b88b27 Undefined or null (#87)
e694910 Remove redundant dep, git-config, fixes #85 (#86)
9009547 Replace `nolicense` with `UNLICENSED` (#83)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic