servexyz / repo-genesis-cli

💥 Monolith relations across multiple repositories
https://www.npmjs.com/package/repo-genesis-cli
MIT License
1 stars 2 forks source link

[Snyk] Security upgrade meow from 5.0.0 to 8.0.0 #34

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: meow The new version differs by 52 commits.
  • a1f5f0f 8.0.0
  • 1b3d9ee Upgrade dependencies
  • ef7ae5d Gracefully handle package.json not being found (#167)
  • 49ce74d Make `isMultiple` non-greedy (#162)
  • 14924de Default `isMultiple` to empty array (#163)
  • dc7dae4 7.1.1
  • 71d640e Fix compatibility with `vercel/ncc` (#159)
  • ebe00a1 7.1.0
  • e38789f Improve flags types to acknowledge `isMultiple` and `isRequired` options (#154)
  • fa2a374 Fix typo
  • 629af48 Update `minimist-options` and remove type coercion patch (#152)
  • 1c251e8 Rename `yargs` to `parseArguments` (#149)
  • 20f6e85 Rename `camelcase` to `camelCase` (#151)
  • 1f265e4 7.0.1
  • e08eb4d Fix `isMultiple` not handling multi-word flags (#150)
  • e3301ed 7.0.0
  • ea3fd99 Require Node.js 10
  • 1eede6a Add `isRequired` flag option (#141)
  • c4c5ee2 Add `isMultiple` option for flags (#143)
  • d9d42a2 Document ES Modules usage (#147)
  • 43e9f39 Fix Travis
  • 3c23328 6.1.1
  • f85b546 Update dependencies
  • c67d9f4 Rename occurrences of minimist to parser (#146)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic