eiurur / Mukuu

COM3D2 MOD Search Site.
https://mukuu.herokuapp.com
27 stars 3 forks source link

[Snyk] Security upgrade lerna from 3.22.1 to 5.1.2 #113

Open eiurur opened 2 years ago

eiurur commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=lerna&from_version=3.22.1&to_version=5.1.2&pr_id=1c6e992f-29af-4714-add0-1af69efbb691&visibility=true&has_feature_flag=false) #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: lerna The new version differs by 226 commits.
  • 45ff346 chore(release): v5.1.2
  • e519f43 fix(conventional-commits): remove pinned lodash.template (#3172)
  • d242b06 chore(e2e): Add e2e tests for lerna init options (#3162)
  • 56eaa15 fix: update all transitive inclusions of ansi-regex (#3166)
  • cb47e7a chore: switch readme image based on dark mode and pin node version (#3164)
  • eb7da85 chore(release): v5.1.1
  • 21ce2bf chore: remove broken postversion in root package.json
  • 72305e4 fix: allow maintenance LTS node 14 engines starting at 14.15.0 (#3161)
  • 6cf9be8 chore: initial e2e spec for lerna init (#3158)
  • 479bf4c chore: update CHANGELOG.md
  • 6b9c375 chore(release): v5.1.0
  • 7e69e9e fix(utils): orphaned child process on Windows (#3156)
  • 897caee chore: fix typos (#2732)
  • c6808fc feat: handle the edge cases in the lerna-nx integration
  • ff27ccb chore(release): v5.1.0-alpha.0
  • bf7daa6 chore: remove references to git.io (#3153)
  • c363ec4 chore: restore CI workflow
  • 4464787 chore: remove update-historical workflow as no longer needed
  • 7caf43b chore: update historical (#3148)
  • 1022919 chore: update historical
  • a9f3ba4 chore: update historical (#3147)
  • 780cc89 chore: update contributing notes
  • 9f32d4e chore: update issue templates and contributing notes
  • 1c35828 feat: add experimental support to run tasks via Nx
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/eiurur/project/4e25305e-bebd-470f-8acd-fc472994b5eb?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/eiurur/project/4e25305e-bebd-470f-8acd-fc472994b5eb?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"1c6e992f-29af-4714-add0-1af69efbb691","prPublicId":"1c6e992f-29af-4714-add0-1af69efbb691","dependencies":[{"name":"lerna","from":"3.22.1","to":"5.1.2"}],"packageManager":"npm","projectPublicId":"4e25305e-bebd-470f-8acd-fc472994b5eb","projectUrl":"https://app.snyk.io/org/eiurur/project/4e25305e-bebd-470f-8acd-fc472994b5eb?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908"],"upgrade":["SNYK-JS-ANSIREGEX-1583908"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore","merge-advice-badge-shown"],"priorityScoreList":[696]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io?loc=fix-pr)