wix-incubator / generator-angular-wixapp

MIT License
6 stars 7 forks source link

[Snyk] Security upgrade yeoman-generator from 0.18.10 to 2.0.3 #20

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1
Improper Privilege Management
SNYK-JS-SHELLJS-2332187
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yeoman-generator The new version differs by 209 commits.
  • d8253fc 2.0.3
  • 971c1a8 Fix issue #1050 regarding unsecured dependencies (#1056)
  • 150053c Update Travis version support
  • 967cb0f 2.0.2
  • d291b78 Bump dependencies
  • f7b8167 fix: Do not apply user defaults when question.choices is a function. Fix #1051
  • 825305e Fix typo in comment (#1044)
  • 28cbab2 2.0.1
  • 2955a84 Bump dependencies (+ security fix of debug)
  • 9e4ccf5 2.0.0
  • a29e5d9 Bump dependencies
  • 96da393 Bump package-lock.json
  • 4b1b841 Replace gulp with raw Mocha
  • 6effbfe Use raw nsp
  • 183b3a8 Get rid of before/after (toward jest migration)
  • 68d59c1 Add package-lock.json
  • f8e46b0 Don't die on diffing file deletions (again) (#1028)
  • edc2bf2 [comments] Change wrong param name in description (#1018)
  • 364606e Switch to `make-dir`
  • eaf1ade New: option shorthand on installDependencies method (#1015)
  • e296e52 Bump XO and minor style tweaks
  • 9da7391 Bump dependencies
  • b010701 More ES2015ifing
  • cfd2a8e Refactor install methods to handle promises - ref #1006
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic