sheerun / prettier-standard

Formats with Prettier and lints with ESLint+Standard! (✿◠‿◠)
MIT License
868 stars 44 forks

[Snyk] Security upgrade prettierx from 0.11.3 to 0.18.2 #132

Open sheerun opened 2 years ago

sheerun commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=prettierx&from_version=0.11.3&to_version=0.18.2&pr_id=689397cb-0575-4a39-b681-8a172de6788a&visibility=true&has_feature_flag=false)

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | No | Proof of Concept
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-POSTCSS-1255640](https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640) | No | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-TRIM-1017038](https://snyk.io/vuln/SNYK-JS-TRIM-1017038) | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: prettierx
The new version differs by 250 commits.
  • b48bc5a prettierx: version 0.18.2
  • b86fd8b prettierx fix: switch to @brodybits/remark-parse fork (#598)
  • eac7fe4 prettierx chore: update jest -> 27.0.4 --dev
  • 9e69934 prettierx: Update rollup -> 2.51.2 - devDependency (#570)
  • c141d74 prettierx: Update jest-snapshot-serializer-raw -> 1.2.0 - devDependency (#567)
  • 825e21c prettierx: Update execa -> 5.1.1 - devDependency (#562)
  • d2b9dae prettierx: Update eslint-plugin-import -> 2.23.4 - devDependency (#560)
  • 2197cb4 prettierx: Update eslint-config-prettier -> 8.3.0 - devDependency (#559)
  • c0f73fe prettierx test import & export with multiple Babel parsers
  • fbbbf98 prettierx test "bracket spacing" with multiple Babel parsers
  • 7ccfc64 prettierx test: add CI test on Ubuntu / Node.js 16
  • d22e6d2 prettierx chore(yarn.lock): bump ws from 7.4.4 to 7.4.6 (#555)
  • dca7708 prettierx: set version to 0.18.2-dev for a patch release
  • a81e06d prettierx chore(dev-deps): bump browserslist from 4.16.0 to 4.16.6 (#551)
  • a83307d prettierx chore(dev-deps): bump hosted-git-info from 2.8.8 to 2.8.9 (#547)
  • bf653b3 prettierx chore(dev-deps): bump handlebars from 4.7.6 to 4.7.7 (#541)
  • d381777 prettierx: Update eslint -> 7.28.0 - devDependency (#566)
  • f8b0fef prettierx fix(test) re: TS types & balanced formatting
  • dbab1e0 prettierx test: TS types & balanced ternary formatting
  • db45234 prettierx: Update ci-info -> 3.2.0 - dependency (#558)
  • 9857c22 prettierx: Update find-parent-dir -> 0.3.1 - dependency (#557)
  • d4f291e prettierx chore: update cspell - move prettierx entries (#556)
  • 45a22db prettierx: Update @glimmer/syntax -> 0.56.2 - dependency (#527)
  • a2f0061 prettierx: start 0.19.0-dev
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/sheerun/project/fd1e7a52-d493-40b4-954b-3fd4252d3e4d?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/sheerun/project/fd1e7a52-d493-40b4-954b-3fd4252d3e4d?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io?loc=fix-pr)

PabloB94 commented 2 years ago

Hi, any chance this could be merged? It affects a couple pretty serious vulnerabilities. Thank you :)