search

nodeshift-archived / license-reporter

license-reporter is a tool that gathers licenses for project's dependencies and produces a output in XML, JSON, YAML and HTML format.
Apache License 2.0
13 stars 10 forks source link

[Snyk] Upgrade standard-version from 9.3.1 to 9.3.2 #399

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade standard-version from 9.3.1 to 9.3.2.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TRIMOFFNEWLINES-1296850		 372/1000
Why? Proof of Concept exploit, CVSS 5.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960		 372/1000
Why? Proof of Concept exploit, CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: standard-version
  • 9.3.2 - 2021-10-17

    Bug Fixes

    • deps: update dependency conventional-changelog-conventionalcommits to v4.6.1 (#752) (bb8869d)
  • 9.3.1 - 2021-07-14

    Bug Fixes

    • updater: npm7 package lock's inner version not being updated (#713) (a316dd0)
from standard-version GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs