[Snyk] Upgrade husky from 4.2.5 to 8.0.1 #4

Open: 1 commit to be merged into base branch alpha

snyk-bot

Snyk has created this PR to upgrade husky from 4.2.5 to 8.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 40 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-05-09.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVERREGEX-1585624 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVERREGEX-1584358 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVERREGEX-1047770 | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: husky
  • 8.0.1 - 2022-05-09
    • fix: use POSIX equality operator
  • 8.0.0 - 2022-05-08

    What's Changed

    Feats

    • feat: add husky - prefix to logged global error messages by @joshbalfour in #1092
    • feat: show PATH when command not found to improve debuggability
    • feat: drop Node 12 support
    • feat: skip install if $HUSKY=0

    Fixes

    • fix: hook script use /usr/bin/env sh instead of direct path of sh by @skhaz in #1051
    • fix: actually set 'husky_skip_init' as readonly in ./husky.sh by @hyperupcall in #1104
    • fix: force basename/dirname to treat $0 as an argument by @mataha in #1132
    • fix: remove git.io links by @renbaoshuo in #1136

    Docs

    Chore

  • 7.0.4 - 2021-10-21

    No changes. Husky v7.0.3 was reverted, this version is the same as v7.0.2.

  • 7.0.3 - 2021-10-21

    7.0.3

  • 7.0.2 - 2021-08-25

    Fix pre-commit hook in WebStorm (#1023)

  • 7.0.1 - 2021-07-06
    • Fix gracefully fail if Git command is not found #1003 (same as in v6)
  • 7.0.0 - 2021-07-01
    • Improve .husky/ directory structure. .husky/.gitignore is now unnecessary and can be removed.
    • Improve error output (shorter)
    • Update husky-init CLI
    • Update husky-4-to-7 CLI
    • Drop Node 10 support

    Please help me develop and release OSS projects ❤️ on GitHub Sponsors or Open Collective. Thank you for your support!

  • 6.0.0 - 2021-03-29

    After being in early access for Open Source projects and Sponsors for a limited time, I'm happy to announce that husky 6 is MIT again and can be freely used in commercial projects! 🎉

    Many thanks to the Open Source projects and Companies which have switched to/sponsored the new husky during this period!

    OSS is my full-time job, please consider sponsoring the development of husky on GitHub sponsors or Open Collective. Thank you!

    Breaking change

    • husky init has been moved to its own package (npx husky-init)

    Added

    • Programmatically use husky: require('husky')
    • TypeScript definitions

    Migrating from husky 4

    Husky 6 contains breaking changes. If you're coming from v4, npm install husky@6 won't be enough.

    Recommended: see husky-4-to-6 CLI to automatically migrate your config. There's also a dedicated section in the docs.

    If you're curious why config has changed, you may be interested in reading:
    https://blog.typicode.com/husky-git-hooks-javascript-config/

    Also Husky 6 follows official npm and Yarn best practices regarding autoinstall. It's recommended to use prepare script instead (see usage in docs).

  • 5.2.0 - 2021-03-21
    • Add set command to replace hooks (husky set .husky/pre-commit cmd)
    • Update add command to append command (husky add .husky/pre-commit cmd)
    • Improve error messages
  • 5.1.3 - 2021-03-02
    • docs: add specific Yarn v2 install/uninstall instructions
    • cli: husky init will detect Yarn v2 and initialize accordingly
  • 5.1.2 - 2021-03-01
  • 5.1.1 - 2021-02-22
  • 5.1.0 - 2021-02-21
  • 5.0.9 - 2021-02-08
  • 5.0.8 - 2021-01-28
  • 5.0.7 - 2021-01-27
  • 5.0.6 - 2020-12-11
  • 5.0.5 - 2020-12-11
  • 5.0.4 - 2020-11-22
  • 5.0.3 - 2020-11-22
  • 5.0.2 - 2020-11-22
  • 5.0.1 - 2020-11-17
  • 5.0.0 - 2020-11-16
  • 5.0.0-beta.0 - 2020-10-16
  • 5.0.0-alpha.6 - 2020-10-01
  • 5.0.0-alpha.5 - 2020-09-21
  • 5.0.0-alpha.4 - 2020-09-15
  • 5.0.0-alpha.3 - 2020-09-15
  • 5.0.0-alpha.2 - 2020-09-15
  • 5.0.0-alpha.1 - 2020-09-15
  • 5.0.0-alpha.0 - 2020-09-14
  • 4.3.8 - 2021-01-15
  • 4.3.7 - 2021-01-07
  • 4.3.6 - 2020-12-13
  • 4.3.5 - 2020-12-07
  • 4.3.4 - 2020-12-05
  • 4.3.3 - 2020-12-05
  • 4.3.2 - 2020-12-05
  • 4.3.1 - 2020-12-01
  • 4.3.0 - 2020-09-07
  • 4.2.5 - 2020-04-09
from husky GitHub release notes
Commit messages
Package name: husky


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
