oaeproject / 3akai-ux

Open Academic Environment (OAE) Front-End
http://www.oaeproject.org
Educational Community License v2.0
134 stars 206 forks source link

[Snyk] Fix for 2 vulnerabilities #4249

Open brecke opened 3 years ago

brecke commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-GETOBJECT-1054932
Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lerna The new version differs by 250 commits.
  • 4582c47 chore(release): v4.0.0
  • 2d0a97a fix(version): Ensure --create-release environment variables are present during initialization
  • 63f18ba test(version): Assert on mocked releases, not calls
  • 1f17e0c chore(lerna): Set top-level package tag -> next
  • 80a072e chore(lerna): Enable --temp-tag during publish
  • e00779a chore: Add release script
  • 255c2ea docs(version): Move changelogPreset examples
  • 7acf883 Merge branch 'next' into 'main'
  • c3814b5 test(child-process): Avoid windows bullshit
  • 671ddef chore: Reset lockfile
  • affed1c feat(deps): Bump dependencies
  • 126676a chore(scripts): Support --no-install flag
  • d8100fd feat(deps): execa@^5.0.0
  • 187cd58 chore(deps): Bump devDependencies
  • ce232c8 chore: remove volta pins, annoying
  • d181863 chore: Bump volta pins
  • 42ab453 feat(prompt): Remove ambiguous exports
  • 4acff59 refactor: Synchronize import ChildProcessUtilities -> childProcess
  • a02e12e refactor(test): Refactor mockPromptChoices() -> promptSelectOne.chooseBump()
  • 69bb2e4 refactor: Decompose PromptUtilities namespace import
  • a08bafb refactor(test): Use unambiguous mockPromptChoices() method
  • 3c67f15 refactor: Migrate to unambiguous promptConfirmation()
  • 5d05d95 refactor: Migrate to unambiguous promptSelectOne()
  • e9237f3 refactor: Migrate to unambiguous promptTextInput()
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


This change is Reviewable