Skip to content
This repository was archived by the owner on Nov 1, 2023. It is now read-only.

[Snyk] Security upgrade snyk from 1.70.3 to 1.316.0 #38

Open
snyk-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade snyk from 1.70.3 to 1.316.0 #38

snyk-bot wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Sep 22, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk The new version differs by 250 commits.
  • d7ebe15 Merge pull request #1093 from snyk/feat/bump-deps-to-use-patched-lodash
  • c359e05 feat: patching vulnerable lodash with @ snyk/lodash
  • 39a5284 Merge pull request #1092 from snyk/fix/app-os-cli
  • 71ed530 fix: make sure branch exists
  • c8b4b8e Merge pull request #1090 from snyk/feat/app-os-cli
  • 4b969fd feat: adding target to container projects
  • fccaaae feat: bump docker-plugin to use new format
  • 2961d79 Merge pull request #1089 from snyk/feat/add-reachable-vulns-to-summary
  • 3487ca5 feat: add reachable vulns to the `snyk test` summary line
  • b1d0311 feat: include better user messages for reachable vuln
  • d4db5fe chore: add call graph size to analytics
  • 33fad1c Merge pull request #1079 from snyk/chore/upgrading-vuln-pkg
  • 8df372e fix: cli-server, fake-server and their tests now support Restify v8
  • b59f0b5 Merge pull request #1087 from snyk/feat/experimental-docker-archive
  • 5e627c6 feat: enable experimental docker-archive scanning
  • 3a383f0 Merge pull request #1085 from snyk/feat/update-opn-to-open
  • 1474223 feat: switch to use 'open' since 'opn' is deprecated
  • 0ca8676 Merge pull request #1086 from snyk/chore/fix-prettify
  • 9882190 chore: fix prettify for analytics.js
  • c728ada chore: lint
  • 1e0f0d2 chore: Update Restify to V8
  • 4836982 Merge pull request #1068 from snyk/feat/add-integration-name-to-analytics
  • 6316140 Merge pull request #1084 from snyk/fix/bump-ruby-semver
  • a3ea038 fix: bump ruby-semver to use min Node 8 instead of 10

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot