ever-co / ever-demand

Ever® Demand™ - Open Commerce Platform - https://everdemand.co
https://everdemand.co
GNU Affero General Public License v3.0
1.74k stars 464 forks source link

[Snyk] Security upgrade pm2 from 4.5.6 to 5.0.0 #1375

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: pm2 The new version differs by 31 commits.
  • 76d3e38 pm2@5.0.0
  • 1def3d8 prep pm2@5.0.0
  • 65df2e4 travis: remove node 10 and 8 testing
  • c6f3373 add v16 to travis testing
  • b75ac26 add some ESM example
  • 4a2b3d0 switch to @ pm2/agent with json-diff-patch
  • 4c0ebc7 bump devDependencies package to latest
  • f4eb9f7 update
  • ce78df5 pm2-axon-rpc to 0.7.0
  • bdf8b82 merge
  • c13802e test: check if travis or mocha
  • 69cdb02 Merge branch 'development' of github.com:Unitech/pm2 into development
  • 65bdc97 make websocket json diff patch by default
  • 15261fd feature: auto start pm2-sysmonit - allow to disable via pm2 set pm2:sysmonit false
  • a116e4f Merge pull request #4987 from KennyTheBard/fix-monit-logs
  • 8c83f30 Merge pull request #4980 from gajus/master
  • 7779c82 Merge branch 'development' into master
  • 3e41cef App logs from monitor will not be deleted on selecting a different app
  • 5a5f9e7 reflect metrics speed bar with pm2-sysmonit 1.2.0
  • ce7ea20 switch to agent in #development
  • dd5c83f merge
  • afacd98 refactor: replace sprintf-js with fast-printf
  • 5ad39c8 merge
  • d535ec1 chore: fix for sysmonit updated
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

CLAassistant commented 3 years ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.