[Snyk] Security upgrade snyk-resolve-deps from 4.0.2 to 4.6.0 - Githubissues

iandotkelly / nlf

Node License Finder

MIT License

153 stars 41 forks source link

[Snyk] Security upgrade snyk-resolve-deps from 4.0.2 to 4.6.0 #72

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: snyk-resolve-deps

The new version differs by 34 commits.

8c85cd3 Merge pull request #68 from snyk/feat/snyk-module
6cc6692 feat: upgrade snyk-module
b757135 Merge pull request #67 from snyk/feat/types
388b01b feat: @ types are not prod dependencies
e396992 Merge pull request #66 from snyk/chore/tarvis-node-version
543a0c3 chore: travis to build from node 10
7c56606 Merge pull request #64 from snyk/f/fix-vuln-deps
9cc65d9 fix: Use lodash sub modules
a12705c Merge pull request #65 from snyk/chore/upgrade-node-env
516163a chore: upgrade Node version
53a87be Merge pull request #59 from snyk/chore/jscs
5ef31d2 chore: remove unused jscs
1176be5 Merge pull request #56 from deneuv34/use-lodash-as-deps
c4813f2 Merge remote-tracking branch 'upstream/master' into use-lodash-as-deps
1e2d31c Merge pull request #60 from snyk/fix/decouple
8d9bebe fix: tests don't depend on our packages
512b43e chore: npm/nvm rcs
bda8aea Merge pull request #57 from snyk/chore/travis-tweaks
907d9a0 chore: travis: cache: npm
ff23ca6 chore: remove unused dependencies
fd8bd4d chore: use `lodash` as a dep directly
f682e42 Merge pull request #54 from snyk/chore/codeowners
e196d64 chore: travis: bionic
936414e chore: codeowners -> boost

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

coveralls commented 3 years ago

Coverage remained the same at 95.402% when pulling 196c77297d67438d98631a0e1157963076746f60 on snyk-fix-eaffedd6c29eb60f20bb748e9653f9ec into f602dd1c7cae36a921b60bf8a19edcf04cd926a7 on master.