iandotkelly / nlf

Node License Finder
MIT License

[Snyk] Security upgrade snyk-resolve-deps from 4.0.2 to 4.6.0 #72

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-HOSTEDGITINFO-1088355 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk-resolve-deps

The new version differs by 34 commits.
  • 8c85cd3 Merge pull request #68 from snyk/feat/snyk-module
  • 6cc6692 feat: upgrade snyk-module
  • b757135 Merge pull request #67 from snyk/feat/types
  • 388b01b feat: @ types are not prod dependencies
  • e396992 Merge pull request #66 from snyk/chore/tarvis-node-version
  • 543a0c3 chore: travis to build from node 10
  • 7c56606 Merge pull request #64 from snyk/f/fix-vuln-deps
  • 9cc65d9 fix: Use lodash sub modules
  • a12705c Merge pull request #65 from snyk/chore/upgrade-node-env
  • 516163a chore: upgrade Node version
  • 53a87be Merge pull request #59 from snyk/chore/jscs
  • 5ef31d2 chore: remove unused jscs
  • 1176be5 Merge pull request #56 from deneuv34/use-lodash-as-deps
  • c4813f2 Merge remote-tracking branch 'upstream/master' into use-lodash-as-deps
  • 1e2d31c Merge pull request #60 from snyk/fix/decouple
  • 8d9bebe fix: tests don't depend on our packages
  • 512b43e chore: npm/nvm rcs
  • bda8aea Merge pull request #57 from snyk/chore/travis-tweaks
  • 907d9a0 chore: travis: cache: npm
  • ff23ca6 chore: remove unused dependencies
  • fd8bd4d chore: use `lodash` as a dep directly
  • f682e42 Merge pull request #54 from snyk/chore/codeowners
  • e196d64 chore: travis: bionic
  • 936414e chore: codeowners -> boost
Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

coveralls commented 3 years ago

Coverage remained the same at 95.402% when pulling 196c77297d67438d98631a0e1157963076746f60 on snyk-fix-eaffedd6c29eb60f20bb748e9653f9ec into f602dd1c7cae36a921b60bf8a19edcf04cd926a7 on master.