htilly / zenmusic

Slack / Sonos / Spotify / Node.js - Control Sonos through #Slack

[Snyk] Security upgrade nconf from 0.8.5 to 0.11.0 #57

Closed. snyk-bot closed this 3 years ago.

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Severity      | Priority Score (*) | Issue                                      | Breaking Change | Exploit Maturity
------------- | ------------------ | ------------------------------------------ | --------------- | ----------------
high severity | 686/1000           | Prototype Pollution (SNYK-JS-Y18N-1021887) | No              | Proof of Concept

Why this score? Proof of Concept exploit, Has a fix available, CVSS 7.3

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nconf
The new version differs by 26 commits.
  • 85229df chore: enable circleci
  • 91e9106 chore: update changelog
  • 4122731 0.11.0
  • 56794d1 chore: upgrade deps to fix security vulns
  • 1392ac4 0.10.0
  • 01f25fa Regex as env separator (#288)
  • 16667be Argv store separator (#291)
  • bac910a 0.9.1
  • 2bdf7e1 Clean Argv Store options (#290)
  • b9321b2 transformer can now return an undefined key (#289)
  • 81ce0be Update changelog
  • b1ee63c fix error in transform function when dealing with dropped entries (#287)
  • 9f70ba1 [doc] Update changelog
  • 8afcf99 [dist] Version bump. 0.9.0
  • b41c505 Save conf to dedicated file (#283)
  • 52e0a35 Update changelog
  • fa215a4 add tests for the normal configuration of yargs via argv
  • 802a8d6 test for yargs custom instance (more flexible check isYargs)
  • 3e26bb2 Add possibility to pass a yargs instance to argv() method
  • 856fdf8 First pass at transform functions (#279)
  • b9c345b Fix `parseValues` option name
  • 35088a3 Added nconf.any method (#278)
  • ca10d0e Add basic linting rules
  • bfb0220 Remove unused module (#277)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic