[Snyk] Upgrade concurrently from 5.2.0 to 7.3.0 #4

snyk-bot · 2022-08-20T17:25:30Z

Snyk has created this PR to upgrade concurrently from 5.2.0 to 7.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 18 versions ahead of your current version.
The recommended version was released a month ago, on 2022-07-18.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Execution SNYK-JS-THENIFY-571690	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIMOFFNEWLINES-1296850	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-PARSEURL-2935947	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-JSZIP-1251497	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONPOINTER-1577288	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: concurrently

7.3.0 - 2022-07-18
What's Changed
- Export package.json path by @ gustavohenke in #339
7.2.2 - 2022-06-14
What's Changed
- Update rxjs to version 7.0.0 - #326
- Fix TypeScript not able to resolve types when on Node 16 - #330
New Contributors
- @ jsfix-updater made their first contribution in #326
- @ Baune8D made their first contribution in #330
7.2.1 - 2022-05-22
What's Changed
- Fix --success command- syntax when command name has dashes - #324, #325
7.2.0 - 2022-05-15
- Support passthrough of additional arguments to commands via placeholders - #33, #282, #307
- Add command-{name|index} and !command-{name|index} to --success - #280, #281, #318
New Contributors
- @ paescuj made their first contribution in #317 and #307
7.1.0 - 2022-04-02
- Excluding pattern support added, e.g. concurrently npm:lint:*(!fix) (#305, #306)
- Fixed programmatic API docs to resemble v7.0.0 changes (#303)
New Contributors
- @ naxoc made their first contribution in #303
- @ NullVoxPopuli made their first contribution in #306
7.0.0 - 2022-01-03
🎉 🥂 Happy 2022!

Breaking changes
- Dropped support for Node 10. Minimum version is now 12.20.
- concurrently() API now has a different return value. Please refer to the docs.
Functional changes
- Added --group flag/option to run process in parallel but print output in sequence - #75, #79, #272
- Codebase converted to TypeScript. Some bugs may arise due to this, but I hope not!
API Changes
- concurrently can now be imported as an ES Module! Just do import concurrently from 'concurrently'.
- concurrently() now returns the commands alongside a promise for the result - #209
New Contributors
- @ cdrini made their first contribution in #272
6.5.1 - 2021-12-19
- Fix command names when using npm wildcard (#148, #165, #211, #212)
6.5.0 - 2021-12-17
- Add support for configuring via environment variables that start with CONCURRENTLY_ prefix (#289)
- Add --timings flag to show when each process started and stopped, and how long they ran for (#291, #295)
6.4.0 - 2021-11-13
- Add --hide flag to hide the output of specified commands (#138, #173)
6.3.0 - 2021-10-02
- Distribute prefix colors correctly when using npm/yarn/pnpm script expansion (#186, #210, #234, #286)
- Add new option to programmatic API, prefixColors, which serves as fallback for commands without a prefixColor (#286)
6.2.2 - 2021-09-27
6.2.1 - 2021-08-08
6.2.0 - 2021-05-24
6.1.0 - 2021-05-08
6.0.2 - 2021-04-12
6.0.1 - 2021-04-05
6.0.0 - 2021-02-20
5.3.0 - 2020-08-07
5.2.0 - 2020-04-25