frinyvonnick / gitmoji-changelog

A changelog generator for gitmoji 😜
https://www.npmjs.com/package/gitmoji-changelog
MIT License
388 stars, 49 forks

Outdated packages have 3 known vulnerabilities. #209

Closed MarkLyck closed 2 years ago

MarkLyck commented 3 years ago

The following 3 vulnerabilities are detected by snyk.io when installing gitmoji-changelog.

These are introduced by outdated third-party libraries: libnpm & yargs.

Insertion of Sensitive Information into Log File

Prototype Pollution

Denial of Service (DoS)

These vulnerabilities have been fixed in newer versions of the packages. They should be updated.

frinyvonnick commented 3 years ago

Hi @MarkLyck, thank you for opening this issue 👍 Would you like to open a pull request that updates these dependencies?

frinyvonnick commented 2 years ago

Fixed in #230