nodeshift-archived / license-reporter

license-reporter is a tool that gathers licenses for a project's dependencies and produces output in XML, JSON, YAML and HTML formats.
Apache License 2.0

[Snyk] Security upgrade rewire from 5.0.0 to 6.0.0 #410

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: rewire

The new version differs by 25 commits.
  • 9e7f846 v6.0.0
  • 39fe8e2 Update CHANGELOG.md
  • daaba26 Update package-lock.json
  • 4e5abba Replace istanbul with nyc
  • a511f92 Replace Travis with GitHub action
  • 22572ac Merge pull request #168 from rensbaardman/fix-167-global-var-leakage
  • 9dba017 Replace several push calls with a single one
  • 0b6d85a Re-add test case for globals
  • 92d9a33 Merge branch 'master' into fix-167-global-var-leakage
  • d1474b3 Merge pull request #171 from rensbaardman/stack-trace-test-firefox
  • b70fdc0 Improve shebang test
  • 9f194a7 Merge branch 'master' into stack-trace-test-firefox
  • 0584c53 Merge pull request #169 from rensbaardman/change-carriage-returns
  • ae4bd02 Improve shebang test
  • 54440b6 Merge pull request #179 from breautek/shebang-fix
  • 869fb2c 5.0.0
  • 9ec9276 Merge pull request #193 from tsekityam/tsekityam/patch-1
  • 70c0c07 Add missing dev dependency istanbul
  • 342487f Bump eslint to v7
  • 30b8eef Bump mocha to v9
  • 0244069 fix: GH-178 import error on shebang modules
  • dea7b22 test: GH-178 Unit tests for importing shebang modules
  • f71de3b Add Firefox compatibility to stack trace test
  • 7bec7f8 Fix #167: non-enumerable globals are now also prefixed with `var`

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
