search

thobach / MMM-Gestures

MMM-Gestures is a head-less 3rd party module for MagicMirror that allows to control the Magic Mirror via gestures of two types of infrared sensors. Use cases include presence awareness to trigger compliments or go into sleep mode and scrolling through news tickers or view news details.
http://blog.thomas-bachmann.com/2016/02/magic-mirror-2-0-mit-gestensteuerung.html
42 stars 12 forks source link

[Snyk] Security upgrade magicmirror-rebuild from 1.0.5 to 1.0.7 #21

Closed thobach closed 2 years ago

thobach commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=magicmirror-rebuild&from_version=1.0.5&to_version=1.0.7&pr_id=3a649357-2454-4fc0-bebc-633cb92284da&visibility=true&has_feature_flag=false) #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **556/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: magicmirror-rebuild The new version differs by 6 commits.
  • b2ac5e6 bump security vulnerabilities
  • 129b1a1 Update README.md
  • 64e1dfa Update README.md
  • 2c66b6f Update package.json
  • 9ce35ba Merge pull request #1 from thobach/main
  • 4abb42b bumping up dependency of node-gyp from 7.1.x to 9.0.x
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/thobach/project/bb6b4149-41e4-488c-91cc-bb2bef638132?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/thobach/project/bb6b4149-41e4-488c-91cc-bb2bef638132?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"3a649357-2454-4fc0-bebc-633cb92284da","prPublicId":"3a649357-2454-4fc0-bebc-633cb92284da","dependencies":[{"name":"magicmirror-rebuild","from":"1.0.5","to":"1.0.7"}],"packageManager":"npm","projectPublicId":"bb6b4149-41e4-488c-91cc-bb2bef638132","projectUrl":"https://app.snyk.io/org/thobach/project/bb6b4149-41e4-488c-91cc-bb2bef638132?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-GOT-2932019"],"upgrade":["SNYK-JS-GOT-2932019"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore","merge-advice-badge-shown"],"priorityScoreList":[556]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Open Redirect](https://learn.snyk.io/lessons/open-redirect/javascript?loc=fix-pr)