[Snyk] Security upgrade shelljs from 0.7.8 to 0.8.5 - Githubissues

linnovate / meanio

meanio core module

MIT License

54 stars 73 forks source link

[Snyk] Security upgrade shelljs from 0.7.8 to 0.8.5 #162

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: shelljs

The new version differs by 71 commits.

70668a4 0.8.5
d919d22 fix(exec): lockdown file permissions (#1060)
fcf1651 0.8.4
a1111ee Silence potentially upcoming circular dependency warning (#973)
d4d1317 0.8.3
db317bf Add test case for sed on empty file (#904)
0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
6b3c7b1 refactor: don't expose tempdir in common.state (#903)
4bd22e7 chore(ci): fix codecov on travis (#897)
2b3b781 fix: silent exec (#892)
37acb86 chore(npm): add ci-or-install script (#896)
4e861db chore(appveyor): run entire test matrix (#886)
d079515 docs: remove gitter badge (#880)
4113a72 grep includes the i flag (#876)
8dae55f Fix(which): match only executable files (#874)
6d66a1a chore: rename some tests (#871)
131b88f Fix cp from readonly source (#870)
1dd437e fix(mocks): fix conflict between mocks and skip (#863)
72ff790 chore: bump dev dependencies and add package-lock (#864)
93bbf68 Prevent require-ing bin/shjs (#848)
aa9d443 chore: output npm version in travis (#850)
4733a32 chore(appveyor): do not use latest npm (#847)
dd5551d chore: update shelljs-release version (#846)
97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic