ibm-watson-data-lab / simple-search-service

A faceted search engine and content API.
39 stars 27 forks source link

[Snyk] Upgrade cfenv from 1.0.4 to 1.2.4 #104

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade cfenv from 1.0.4 to 1.2.4.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary Code Execution
SNYK-JS-JSYAML-174129
619/1000
Why? Has a fix available, CVSS 8.1
No Known Exploit
Denial of Service (DoS)
SNYK-JS-JSYAML-173999
619/1000
Why? Has a fix available, CVSS 8.1
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: cfenv from cfenv GitHub release notes
Commit messages
Package name: cfenv
  • fb0a2aa update dependencies, now at version 1.2.4
  • 63e072a version 1.2.3
  • 02bb92d Issue 45 Remove '.cfignore'
  • 4103a3e version 1.2.2
  • b07a59e handle ports race condition by returning 3000
  • 6927628 version 1.2.1
  • 3f19f12 Upgrade js-yaml to avoid Denial of Service
  • a5dbceb version 1.2.0
  • 1a730e3 Stop using outdated manifest stanza; use random-route instead
  • f8b0392 Upgrade underscore version 1.9.x
  • b60ef7c add test for local vcapFile port usage
  • c6262a6 Locally use the options to read the port
  • 3490eda add support for vcapFile option
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs