search

jozefizso / generator-license

Yeoman Generator - License
MIT License
59 stars 20 forks source link

generator-license v5.5 #102

Closed jozefizso closed 3 years ago

jozefizso commented 3 years ago

I've updated dependencies to fix several security issues reported by npm audit.

The package now requires yeoman-generator v4.13 and NodeJS v10.
Development packages may require higher version of NodeJS.

The travis build script was updated to check compatibility with current NodeJS LTS releases.

Changelog

npm audit report

glob-parent  <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
fix available via `npm audit fix --force`
Will install yeoman-generator@5.3.0, which is a breaking change
node_modules/fast-glob/node_modules/glob-parent
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/globby
    node_modules/yeoman-environment/node_modules/globby
    node_modules/yeoman-environment/node_modules/mem-fs-editor/node_modules/globby
      mem-fs-editor  4.0.1 - 4.0.2 || 5.0.0 - 6.0.0 || 7.0.1 - 7.1.0
      Depends on vulnerable versions of globby
      node_modules/mem-fs-editor
      node_modules/yeoman-environment/node_modules/mem-fs-editor
        yeoman-environment  2.1.0 - 3.0.0-rc.1
        Depends on vulnerable versions of globby
        Depends on vulnerable versions of mem-fs-editor
        node_modules/yeoman-environment
          yeoman-generator  3.0.0 - 4.13.0
          Depends on vulnerable versions of mem-fs-editor
          Depends on vulnerable versions of yeoman-environment
          node_modules/yeoman-generator
            yeoman-test  1.8.0 - 4.0.2
            Depends on vulnerable versions of mem-fs-editor
            Depends on vulnerable versions of yeoman-environment
            Depends on vulnerable versions of yeoman-generator
            node_modules/yeoman-test

7 moderate severity vulnerabilities