raywo / MMM-NowPlayingOnSpotify

A module for MagicMirror displaying the song currently playing on Spotify.
MIT License
205 stars 43 forks

[Snyk] Security upgrade npm from 5.10.0 to 6.0.0 #92

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-SSRI-1085630 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm
The new version differs by 100 commits.
  • 7e679fd 6.0.0
  • 73e50a7 test: prepublish-only: Use our own copy of npm
  • 82dfa54 6.0.0-next.2
  • 408a7ff update AUTHORS
  • 1b021d0 doc: update changelog for npm@6.0.0
  • 9c1eb94 inflate-shrinkwrap: For git changelings use version as resolved
  • 2facb35 has-modern-meta: Correctly identify git changelings
  • e4ed976 install/deps: Let git deps w/ lock only match package.json
  • 552ff6d audit: Ensure we don't mutate the shrinkwrap
  • f2386e1 test: standard common-tap
  • 1d8ac24 test: JSON parse error message changed slightly
  • cd36a21 audit: Avoid config-meta's literal-only test
  • 09c7348 test: Default audit to off when testing
  • 8e71334 audit: Add docs
  • be393a2 audit: Temporarily suppress git metadata till there's an opt-in
  • 8c77dde audit: Add new audit command
  • 5e28404 npm: Make --timing set loglevel=timing
  • a17d14e perf: Fix timing catch
  • 594d169 npm-audit-report@1.0.5
  • f4bc648 npm-registry-fetch@1.1.0
  • 820f74a pkglock: add from field back into git dependencies (#20384)
  • 833046e docs: add --scope to npm init usage (#20373)
  • ed81d14 test: ensure npm init forwards arguments (#20372)
  • 9d5d0a1 install-test: fix shrinkwrap handling of package-lock.json (#20358)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
