firespring / givesource


[Snyk] Fix for 1 vulnerabilities #74

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: inquirer The new version differs by 194 commits.
  • 65a4d59 Publish
  • e2099ed Update dependencies
  • 8270551 Produce error on prompt in non-tty environment. (#891)
  • 6a883e6 Update lint-staged to the latest version 🚀 (#886)
  • 4b8b47f Publish
  • 833385b Workaround node.js bug with readline (#882)
  • ee55149 Add inquirer-table-prompt plugin (#884)
  • 942908f Publish
  • a70ee52 Revert "Workaround node.js bug that closes main input and output stream. (#879)" (#881)
  • 0bc1b01 Publish
  • 3d0ff8c Workaround node.js bug that closes main input and output stream. (#879)
  • 7ec6ea0 Publish
  • e2e07e3 Fix #862 - Do not throw when returning undefined from filter functions
  • af16d5b Fix #845 - Fix broken asynchronous validation
  • 904e473 fix multi rawList bug (#861) (#867)
  • 45af563 Bugfix: Choices.push() breaks index if a disabled item was already in the Choices (#869)
  • 8248ee5 Update Readme: Add FOSSA check and remove Node 6 support notice.
  • 05f34b6 Bump dependencies
  • f04c5cf Remove broken unit tests
  • 3ab4549 Add new editor prompt
  • 6a2aa06 Add screenshots to mono repo package readmes
  • d76c929 Refactor new expand prompt with the hooks
  • 7cf9d99 Fix input prompt final answer formatting
  • c172c75 Update new confirm prompt to use the hook API
Package name: inquirer-autocomplete-prompt The new version differs by 45 commits.
  • c85f3b5 1.0.1
  • 274c347 Merge pull request #65 from mokkabonna/move-inquirer-to-peer-dependencies
  • ae9ff83 Move inquirer to dev- and peerDependencies
  • f0744e2 Merge pull request #64 from mokkabonna/upgrade-to-inquirer-v4-classes
  • 317090c 1.0.0
  • 1a7c518 Test out removing global Istanbul install
  • e51cd85 Reorder package.json properties
  • 8482c39 Only support Node.js versions >= 6.0.0
  • 9b8738c Remove unnecessary ignore line
  • a408da2 Add Flow types and type check in pretest
  • 56fbe50 Upgrade to Inquirer.js version 6.0.0
  • 07082b5 Add myself as contributor
  • bed9ec6 Remove third party promise lib devDependencies
  • ac87692 Upgrade from JSHint and JSCS to ESLint
  • 2121783 Remove duplicate key
  • adb0c98 Fix comments, remove todo
  • b660087 Fix JSHint errors
  • 470e09d Upgrade to inquirer v4 class-based API
  • 7cff3f1 Remove unused declarations
  • 0179a20 Merge pull request #63 from karlhorky/add-prettier-and-format-codebase
  • 012d653 Add Prettier and format codebase
  • 27ec401 Merge pull request #62 from karlhorky/add-node-10
  • cbdba6d Update package-lock.json
  • 3f9d1b2 Add Node.js version 10 to .travis.yml
Package name: nyc The new version differs by 79 commits.
  • bebf4d6 chore(release): 15.0.0
  • 2931730 chore: Update to final releases of dependencies (#1245)
  • d44ff19 chore: Update node-preload and use process-on-spawn (#1243)
  • 5258e9f feat: Filenames relative to project cwd in coverage reports (#1212)
  • 6039f29 chore: Unpin test-exclude, update to latest pre-releases (#1240)
  • f3c9e6c chore: Temporarily pin test-exclude (#1239)
  • 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (#1232)
  • 7307626 chore: Remove cp-file module (#1230)
  • dfd629d fix: Better error handling for main execution, reporting (#1229)
  • 549c953 chore: Update dependencies, pin find-cache-dir (#1228)
  • a1dee03 chore: Update yargs (#1224)
  • 8078a79 chore: Fix 404 in README.md. (#1220)
  • 7a02cb7 chore: Add enterprise language (#1217)
  • ea94c7f chore: Remove unused functions (#1218)
  • 53c66b9 docs: `npm home nyc` goes to github master branch README (#1201)
  • cf5e5d3 chore: Update dependencies
  • 8411a26 fix: Correct handling of source-maps for pre-instrumented files (#1216)
  • f890360 docs: Fix URL to default excludes in README.md (#1214)
  • 3726bbb chore: Update to async version of istanbul-lib-source-maps (#1199)
  • 0efc6d1 chore: Tweak arguments for async coverage data readers (#1198)
  • cc77e13 chore: Add `use strict` to all except fixtures (#1197)
  • bcbe1df chore: Update dependencies (#1196)
  • 2735ee2 chore: 100% coverage (#1195)
  • fd40d49 feat: Use @istanbuljs/schema for yargs setup (#1194)
Package name: webpack-cli The new version differs by 250 commits.
  • fb50f76 chore(release): publish new version
  • 2c75aeb chore: new version of the packages
  • 0d05c30 chore(release): publish %s
  • 3f9e151 chore: fix lerna config
  • 2c1e34c tests(generator): enhance init generator tests (#1236)
  • 6ee61b9 Fix loader-generator and plugin-generator tests (#1250)
  • 52956a2 Fixing the typos and grammatical errors in Readme files (#1246)
  • 7faaed2 chore: update Bug_report & Feature_request Templates (#1256)
  • 7a5b33d feat(webpack-cli): added mode argument (#1253)
  • 3715756 tests(webpack-cli): add test case for defaults flag (#1254)
  • a7cba2f chore: project maintenance and typescript fix (#1247)
  • 7748472 chore: ignore package-lock.json and remove its references (#1252)
  • a014aa7 docs: fix supported arguments & commands link in README (#1244)
  • 06129a1 feat(webpack-cli): add progress bar for progress flag (#1238)
  • 6cc6a49 chore: post refactor CLI (#1237)
  • 358651e chore: move cli under lerna package (#1225)
  • 2dc495a fix(init): fix webpack config scaffold (#1231)
  • 1ab62d2 tests(generator): add tests for plugin generator (#1235)
  • d2dd0c1 tests(sourcemap): fix flaky stats statement (#1232)
  • f6dc680 tests(loader-generator): add tests for loader generator (#1234)
  • 35d1381 tests(generator): enable init generator test (#1233)
  • 66cdcb6 chore(generator): remove transpiled tests (#1229)
  • f29a170 fix(init): fix the invalid package name (#1228)
  • 8c3a66d chore(cli): updated changelog of v3 (#1224)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
