search

meanjs / generator-meanjs

MEAN.JS Official Yeoman Generator
http://meanjs.org/
473 stars 177 forks source link

[Snyk] Security upgrade yo from 1.5.1 to 2.0.3 #302

Open lirantal opened 1 year ago

lirantal commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=yo&from_version=1.5.1&to_version=2.0.3&pr_id=6f245f7a-7617-42db-a09d-5e8e3aeab5d4&visibility=true&has_feature_flag=true) #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yo The new version differs by 66 commits.
  • 4aafcab 2.0.3
  • 2c478a4 Audit fix
  • ae35426 Fix generator description returning undefined (#587)
  • 4f4c36e Update dependencies
  • 7ad1609 Ensure the same npm version is used for testing
  • 9053bbd Remove the `nsp` task
  • dab9337 Require Node.js 6
  • 479250a 2.0.2
  • 725461b Added global-tunnel-ng to allow usage behind a proxy (#573)
  • 3134157 Spelling (#568)
  • 6153a0d 2.0.1
  • f40c521 Update got and its dependents (#563)
  • 649200a Add BSD 2-Clause license (#555)
  • 4142ca9 Fixes ParseError (#554)
  • 035faf7 Proper OpenCollective badge
  • bfa4ef2 Fix open collective badge in readme.md (#548)
  • 77bdb9b Add documentation for running local generators (#547)
  • ab77908 2.0.0
  • 11af8d6 Bump yeoman-environment to 2.0
  • a75d174 Better error handling when 'generator-' prefix is specified (#520)
  • 6e1a870 Bump dependencies
  • ecd7ffa ES2015ify
  • 018cd95 Bump dependencies
  • b41958c Bump `async`. (#506)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/mean.js/project/918a96e5-f1bd-4b90-b3fc-f98c47cb67d6?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/mean.js/project/918a96e5-f1bd-4b90-b3fc-f98c47cb67d6?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"6f245f7a-7617-42db-a09d-5e8e3aeab5d4","prPublicId":"6f245f7a-7617-42db-a09d-5e8e3aeab5d4","dependencies":[{"name":"yo","from":"1.5.1","to":"2.0.3"}],"packageManager":"npm","projectPublicId":"918a96e5-f1bd-4b90-b3fc-f98c47cb67d6","projectUrl":"https://app.snyk.io/org/mean.js/project/918a96e5-f1bd-4b90-b3fc-f98c47cb67d6?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908"],"upgrade":["SNYK-JS-ANSIREGEX-1583908"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore","merge-advice-badge-shown"],"priorityScoreList":[696]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io?loc=fix-pr)