postmanlabs / sails-mysql-transactions

sails/waterline ORM with mySQL transaction support
Apache License 2.0

[Snyk] Security upgrade newman from 3.10.0 to 4.0.0 #101

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 704/1000 (Why? Has a fix available, CVSS 9.8) | Prototype Pollution, SNYK-JS-LODASH-590103 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: newman
The new version differs by 160 commits.
  • 4cf9b05 Merge branch 'release/4.0.0'
  • b2db29d Released v4.0.0
  • d984e5d Merge pull request #1656 from postmanlabs/feature/v4
  • b7f428c Merge pull request #1660 from postmanlabs/feature/drop-v1-collection-support
  • 4a36ec8 Minor: Update MIGRATION Guide
  • c072568 Updated error message
  • 8e6c752 Minor: formatting
  • 5314c7f Updated MIGRATION Guide
  • 448c4d0 Updated CHANGELOG
  • a5d4619 Add unit tests for v1 collection format
  • 95339e1 Drop support for v1 collection format
  • c01365d Merge branch 'develop' into feature/v4
  • 059bee3 Merge pull request #1643 from postmanlabs/greenkeeper/parse-gitignore-1.0.1
  • 0861dad Removed incorrect cli test :bug:
  • 3c133fe Fixed lint errors :shirt:
  • 136a5fc Merge pull request #1659 from postmanlabs/greenkeeper/postman-collection-transformer-2.6.2
  • 370fba8 fix(package): update postman-collection-transformer to version 2.6.2
  • 9f79780 Merge branch 'feature/v4' into greenkeeper/parse-gitignore-1.0.1
  • 3c23836 Merge branch 'develop' into feature/v4
  • 5686687 Fixed broken builds :white_check_mark:
  • 2d14ae5 Merge branch 'feature/v4' into greenkeeper/parse-gitignore-1.0.1
  • cb88bb2 Resolved merge conflicts with develop
  • 85d1293 Accounted for breaking changes in parse-gitignore v1.0.1
  • ad60613 Merge pull request #1658 from postmanlabs/greenkeeper/commander-2.17.0
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
