[Snyk] Security upgrade prebuild-install from 5.3.6 to 7.0.0 - Githubissues

gmright2 / DEFOLD_Gmright_INLINE

MIT License

0 stars 5 forks source link

[Snyk] Security upgrade prebuild-install from 5.3.6 to 7.0.0 #162

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- Gmright/Milestones/Gmright-market/Commerce/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	833/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.8	Information Exposure SNYK-JS-SIMPLEGET-2361683	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: prebuild-install

The new version differs by 37 commits.

542788b 7.0.0
8ebc076 Add release workflow
ff4a4d8 Update badges in README
7468c14 Bump simple-get
1d53607 Bump tape devDependency
734ae27 Bump standard devDependency
477f347 Breaking: bump node-abi so that Electron 14+ gets correct ABI (#161)
c96c526 6.1.4
b3fad76 Move auth token to header instead of query param (#160)
a964e5b Remove _ prefix as it isn't allowed by npm config (#153)
57bcc06 Make 'rc.path' absolute (#158)
cca87fb 6.1.3
e08d75a Fixes #154: Inline no longer maintained `noop-logger` (#155)
5ee1a2f Point users towards prebuildify (#150)
97ff071 6.1.2
db36c7a Support URL-safe strings in scoped packages (#148)
b772a42 Cleanup workflow
ff6429e Move to GitHub Actions (#149)
2e3fedb 6.1.1
2950fb2 Bump node-abi to prevent dedupe (closes #135)
8cb1ced Support force & buildFromSource options in yarn (#140)
f6d0cee 6.1.0
dc4e5ea Restore local prebuilds feature (#137)
43d581a 6.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

commit-lint[bot] commented 2 years ago

Bug Fixes

Gmright/Milestones/Gmright-market/Commerce/package.json to reduce vulnerabilities (a39016e)

Contributors

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR: - `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change) - `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change) - `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change) - `@Commit-Lint merge disable` will desactivate merge dependabot PR - `@Commit-Lint review` will approve dependabot PR - `@Commit-Lint stop review` will stop approve dependabot PR