Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Directory Traversal
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-MOMENT-2440688
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: convict
The new version differs by 250 commits.- 7f974da v6.0.0
- 203657b Setup Lerna strategy (#368)
- 9f2aec3 Revert "v6.0.0"
- 6162366 v6.0.0
- 8ef51ae More details about Lerna management
- 9bb5bb2 Better do requires at the root of modules
- 29548d2 Cleanup+CHANGELOG update for convict@6.0.0 release
- 7c4087c Use standard ESLint disablings everywhere
- 903638f Fix forgotten Mocha test, to switch to Jest
- 63e2716 Remove useless similar .eslintrc.js files because
- 4a5c90e Clearer source file names (#366)
- 291cb01 Feat switch to jest (#365)
- 0638485 Drop unused Travis sudo: false directive
- 4181329 Explain how to work/contribute with Lerna on
- baed83d Document that this is a Lerna monorepo
- 4114ce1 Feat stricter eslint config (#364)
- 5a16dd1 Fix "Dependency cycles detected"
- bc9f944 Remove use of assert_changelog_ready script
- cf1663e Update lerna devDep to latest
- 3f2df5a Update to eslint@6.8.0
- a6dcebd Switch ESLint config files to JavaScript format
- f76cc78 Use `^x.y.z` range versions for deps
- 7bdd8e1 Improve markdown formatting
- 3ce8352 Add notice about convict@5 and convict@6
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Directory Traversal