sheerun / prettier-standard

Formats with Prettier and lints with ESLint+Standard! (✿◠‿◠)
MIT License

[Snyk] Fix for 1 vulnerabilities #138

Open sheerun opened 1 year ago

sheerun commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint
The new version differs by 210 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: espree@7.0.0 (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)
See the full diff
Package name: prettierx
The new version differs by 250 commits.
  • 6857e21 prettierx: version 0.14.0
  • 99d1c46 prettierx: spellcheck *.md with spelling fixes
  • 2baf7c0 prettierx: regenerate yarn.lock (yet again)
  • 77f77ac prettierx: Update @glimmer/syntax -> 0.56.1 - dependency (#349)
  • 5e2b915 prettierx: regenerate yarn.lock
  • 0cb32e8 prettierx: Update terser-webpack-plugin -> 4.1.0 - devDependency (#348)
  • f026be0 prettierx: make flow-parser an optional dependency
  • 9333e68 prettierx: use babel-ts parser for TypeScript by default
  • 494dcd0 prettierx: update GitHub CI workflow actions
  • 601d1e3 prettierx: add & update a few more comments
  • 007ad9e prettierx: update some comments & blank lines
  • d5a693d prettierx: remove old no-control-regex setting
  • fb0cba5 prettierx: simplify args formatting & --paren-spacing (#335)
  • 0c66abe prettierx: Update jest -> 26.3.0 - devDependency (#347)
  • 6c30d64 prettierx: Update get-stream -> 6.0.0 - dependency (#346)
  • c1a2bf8 prettierx: Update get-stream -> 5.2.0 - dependency (#345)
  • 591f512 prettierx: Update rollup-plugin-terser -> 7.0.0 - devDependency (#344)
  • 5fdcf15 prettierx: Update @babel/parser -> 7.11.3 - dependency (#343)
  • 412fc65 prettierx: Update rollup -> 2.23.1 - devDependency (#341)
  • f3456e9 prettierx: Update resolve -> 1.17.0 - dependency (#340)
  • c586672 prettierx: Update prettier -> 2.0.5 - devDependency (#303)
  • 0d6a7da prettierx: Update linguist-languages -> 7.10.0 - dependency (#191)
  • 7e69d76 prettierx: Update jest-docblock -> 26.0.0 - dependency (#302)
  • a395d95 prettierx: update jest -> 26.2.2 --dev
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/sheerun/project/fd1e7a52-d493-40b4-954b-3fd4252d3e4d?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/sheerun/project/fd1e7a52-d493-40b4-954b-3fd4252d3e4d?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: # (snyk:metadata:{"prId":"b7ca1374-5dc5-425f-ab1f-067621e824cf","prPublicId":"b7ca1374-5dc5-425f-ab1f-067621e824cf","dependencies":[{"name":"eslint","from":"6.8.0","to":"7.0.0"},{"name":"prettierx","from":"0.11.3","to":"0.14.0"}],"packageManager":"npm","projectPublicId":"fd1e7a52-d493-40b4-954b-3fd4252d3e4d","projectUrl":"https://app.snyk.io/org/sheerun/project/fd1e7a52-d493-40b4-954b-3fd4252d3e4d?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)