[Snyk] Security upgrade nodemon from 1.12.1 to 2.0.0 - Githubissues

rangle / angular-ssr

Angular 4+ server-side rendering solution compatible with @angular/material, jQuery, and other libraries that touch the DOM (as well as providing a rich feature set!)

BSD 2-Clause "Simplified" License

279 stars 38 forks source link

[Snyk] Security upgrade nodemon from 1.12.1 to 2.0.0 #129

Open bertrandk opened 3 years ago

bertrandk commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/demand-express/package.json
- examples/demand-express/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nodemon

The new version differs by 190 commits.

9a67f36 feat: update chokidar to v3
6781b40 docs: add license file
0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
b58cf7d chore: Merge branch 'master'
95a4c09 docs: add to faq
3a2eaf7 choe: merge master
3d90879 chore: add logo to site
7d6c1a8 fix: Replace `jade` references by `pug`
74c8749 chore: test funding.yml change
c1a8b75 chore: update funding
d5b9891 test: ensure ignore relative paths
eead311 fix: to avoid confusion like in #1528, always report used extension
12b66cd fix: langauge around "watching" (#1591)
2e6e2c4 docs: README Grammar (#1601)
5124ae9 Merge branch 'master' of github.com:remy/nodemon
95fa05a chore: git card
d84f421 chore: adding funding file
13afac2 fix: ensure signal is sent to exit event
d088cb6 chore: update stalebot
20ccb62 feat: add message event
886527f fix: disable fork only if string starts with dash
64b474e feat: add TypeScript to default execPath (#1552)
2973afb fix: Quote zero-length strings in arguments (#1551)
aa41ab2 fix: hard bump of chokidar@2.1.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic