mike-goodwin / owasp-threat-dragon

An open source, online threat modelling tool from OWASP

http://mike-goodwin.github.io/owasp-threat-dragon/

Apache License 2.0

481 stars 130 forks source link

[Snyk] Fix for 1 vulnerabilities #132

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.

Vulnerabilities that will be fixed

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

guardrails[bot] commented 4 years ago

:warning: We detected security issues in this pull request:

Vulnerable Libraries (2)

- [minimatch@2.0.10](https://github.com/mike-goodwin/owasp-threat-dragon/blob/a4003d2b42384211730e384fdf195f32d93c5b61/package.json#Lnull) upgrade to `>=3.0.2` - [constantinople@3.0.2](https://github.com/mike-goodwin/owasp-threat-dragon/blob/a4003d2b42384211730e384fdf195f32d93c5b61/package.json#Lnull) upgrade to `>=3.1.1` More info on how to fix Vulnerable Libraries in [Javascript](https://www.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

codecov[bot] commented 4 years ago

Codecov Report

Merging #132 into master will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #132   +/-   ##
=======================================
  Coverage   97.93%   97.93%           
=======================================
  Files          25       25           
  Lines         532      532           
  Branches       29       29           
=======================================
  Hits          521      521           
  Misses         11       11

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update b18e026...a4003d2. Read the comment docs.