Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #5325

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • cyclic-dep/package.json
    • cyclic-dep/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-YARGSPARSER-560381
Yes Proof of Concept
Commit messages
Package name: term-ng The new version differs by 16 commits.
  • 0fe9c55 0.8.4
  • 6d1c025 Update yargs
  • 4dbbe68 Merge branch 'master' into develop
  • b268d6c Merge branch 'release/v0.8.3'
  • dbe7fec Update and polish
  • 3c9d80a 0.8.3
  • d47627b Update and polish
  • 381b794 Merge branch 'release/v0.8.2'
  • 81dc7f6 Merge branch 'master' into develop
  • a11fabc Update package
  • cf77189 Update module
  • fae702f Fix eslint
  • 9db51a4 Merge branch 'greenkeeper/truwrap-0.8.0' of https://github.com/MarkGriffiths/term-ng into develop
  • 8a83288 fix(package): update truwrap to version 0.8.0
  • d4554d0 Merge branch 'release/v0.8.1'
  • e430e29 Merge branch 'master' into develop

See the full diff

Package name: truwrap The new version differs by 23 commits.
  • c37a889 0.8.3
  • 80dae6e Update docs
  • c23f02a Update deps
  • c3e2a46 Update travis
  • 0c7ec0c Update cli help
  • c075646 Update and polish
  • f5ef179 Update and polish
  • 9f1e641 Merge branch 'master' into develop
  • 6916e21 Merge branch 'release/v0.8.2'
  • 0492de1 Update package
  • 3987114 Fix xo
  • 5b4f044 Update package
  • c32c780 Merge branch 'greenkeeper/documentation-9.0.0' of https://github.com/MarkGriffiths/truwrap into develop
  • 96319e3 Merge branch 'greenkeeper/deep-assign-3.0.0' of https://github.com/MarkGriffiths/truwrap into develop
  • ad92d42 Merge branch 'greenkeeper/ansi-regex-4.0.0' of https://github.com/MarkGriffiths/truwrap into develop
  • 5fda155 chore(package): update lockfile package-lock.json
  • c1c0244 chore(package): update documentation to version 9.0.0
  • 2f9a53b chore(package): update lockfile package-lock.json
  • a8b76e3 fix(package): update deep-assign to version 3.0.0
  • d1c92be chore(package): update lockfile package-lock.json
  • 15754d7 fix(package): update ansi-regex to version 4.0.0
  • 8f27da9 Merge branch 'release/v0.8.1'
  • b0316d9 Merge branch 'master' into develop

See the full diff

Package name: yargs The new version differs by 74 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant