search

hyperledger-archives / aries-framework-go

Hyperledger Aries Framework Go provides packages for building Agent / DIDComm services.
https://wiki.hyperledger.org/display/ARIES/aries-framework-go
Apache License 2.0
241 stars 158 forks source link

[Snyk] Upgrade minimist from 1.2.5 to 1.2.8 #3620

Open dhh1128 opened 10 months ago

dhh1128 commented 10 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade minimist from 1.2.5 to 1.2.8.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **3 versions** ahead of your current version. - The recommended version was released **6 months ago**, on 2023-02-09. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Prototype Pollution
[SNYK-JS-MINIMIST-2429795](https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795) | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: minimist
  • 1.2.8 - 2023-02-09

    v1.2.8

      </li>
  <li>
    <b>1.2.7</b> - <a href="https://snyk.io/redirect/github/minimistjs/minimist/releases/tag/v1.2.7">2022-10-11</a></br><p>v1.2.7</p>
  </li>
  <li>
    <b>1.2.6</b> - <a href="https://snyk.io/redirect/github/minimistjs/minimist/releases/tag/v1.2.6">2022-03-22</a></br><p>v1.2.6</p>
  </li>
  <li>
    <b>1.2.5</b> - <a href="https://snyk.io/redirect/github/minimistjs/minimist/releases/tag/v1.2.5">2020-03-12</a></br><p>v1.2.5</p>
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/minimistjs/minimist/releases">minimist GitHub release notes</a>

Commit messages
Package name: minimist
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing `npmignore` dev dep
  • 098873c [Dev Deps] update `@ ljharb/eslint-config`, `aud`
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • 950eaa7 [Dev Deps] update `tape`
  • 4f9bc3e [Fix] opt.string works with multiple aliases (#10)
  • 9c7dc85 [Fix] Fix handling of short option with non-trivial equals
  • 3124ed3 [Dev Deps] update `@ ljharb/eslint-config`, `aud`
  • 5784b17 [Tests] Remove duplicate test
  • 2edc957 [Fix] opt.string works with multiple aliases
  • 62fde7d [eslint] more cleanup
  • 5368ca4 [eslint] fix indentation and whitespace
  • 980d7ac Merge tag 'v0.2.2'
  • 42635cd v0.2.2
  • c590d75 v1.2.7
  • 73923d2 [meta] add `auto-changelog`
  • 0ebf4eb [meta] add `auto-changelog`
  • d80727d [actions] add reusable workflows
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs