[Snyk] Fix for 1 vulnerabilities #135

snyk-levine · 2023-06-22T03:40:37Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- large-file/package.json
- large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: builtins

The new version differs by 25 commits.

4f087ad 3.0.0
853b75f Update semver to the latest version 🚀 ([Snyk] Security upgrade moment from 2.15.1 to 2.29.2 #29)
5d80521 travis: update node versions ([Snyk] Security upgrade moment from 2.22.1 to 2.29.2 #30)
6e6dbfb Update prettier-standard to the latest version 🚀 ([Snyk] Security upgrade lodash-es from 4.17.10 to 4.17.21 #27)
3ef7971 Update prettier-standard to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #26)
f38bddc Update prettier-standard to the latest version 🚀 ([Snyk] Fix for 4 vulnerabilities #25)
8357384 Update prettier-standard to the latest version 🚀 ([Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #24)
a99328a bump all dev deps
1c1cb77 Update standard to the latest version 🚀 ([Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #22)
504c3a6 Bump lodash from 4.17.11 to 4.17.14 ([Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #21)
df4a0c3 2.0.1
be0e4c5 Bump js-yaml from 3.12.1 to 3.13.1 ([Snyk] Fix for 1 vulnerabilities #19)
5e83a62 Merge pull request [Snyk] Security upgrade add-asset-html-webpack-plugin from 3.0.0 to 5.0.0 #18 from juliangruber/greenkeeper/semver-5.7.0
5880892 chore(package): update lockfile package-lock.json
abdf98a fix(package): update semver to version 6.0.0
4db991b Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #17 from juliangruber/greenkeeper/prettier-standard-9.0.0
771090d chore(package): update lockfile package-lock.json
8c234a0 chore(package): update prettier-standard to version 9.0.0
8fbfe51 update package-lock.json
1964613 pkg: remove publishconfig. closes [Snyk] Security upgrade karma from 2.0.3 to 6.3.16 #16
cfbe6ed Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #15 from juliangruber/greenkeeper/standard-12.0.0
ef69ab5 chore(package): update standard to version 12.0.0
1eb4d7d Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #14 from juliangruber/greenkeeper/initial
e757c27 docs(readme): add Greenkeeper badge

See the full diff

Package name: dependency-check

The new version differs by 60 commits.

16e34d4 4.0.0
f2d7711 Update standard to 13.x
2ea7c28 Add Husky to make it harder to push failing tests
8657129 BREAKING: Remove --entry, instead add directly
151bc29 Clarify CLI help, eg. missing is no longer default
08cfb69 Clarify an error message on finding a package.json
80866f8 BREAKING: Drop callback parameter from main export
8eaba08 Make parse() + path resolving async
0320bb7 Minor refactoring of bin resolving
ca55986 Added another path helper
a8a39fc Extract the code that resolves paths to look at
53d2c3d BREAKING: Remove --extra alias, use --unused
55d282e Move to require('module').builtinModules
a3b62d2 Move from .indexOf() !== -1 to .includes()
ae7d049 Update list of test targets
d886e2b SEMIBREAKING: Make --quiet the standard, add --verbose
5e4f11b BREAKING: Run all tests by default
da6c139 Add resolving of package.json directly from files
011184c Update to latest micromatch release
2c91ae0 SEMIBREAKING: Update to latest globby release
fb09c07 BREAKING: Require Node >=10
9c74d37 3.4.1
0fab216 Check node engine requirements of dependencies
b1d44de Use micromatch 3.x to be compatible with Node 6

See the full diff

Package name: eslint

The new version differs by 250 commits.

3dd6741 7.0.0
9a722f9 Build: changelog update for 7.0.0
b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
401a687 Chore: fix rules list for prereleases (#13230)
4ef6158 Breaking: espree@7.0.0 (#13270)
b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
356fdb4 Docs: add migration guide (#12692)
015edf6 Sponsors: Sync README with website
fdfa364 7.0.0-rc.0
8d1b4db Build: changelog update for 7.0.0-rc.0
0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
2ce6bed Chore: added tests for nested arrays (#13145)
d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
3eeae56 Upgrade: some (dev) deps (#13155)
6b7030b Chore: Run tests on Node.js v14 (#13210)
ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
56d2bee Docs: fix typos (#13204)
e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: karma

The new version differs by 36 commits.

a4d5bdc chore: release v3.0.0
75f466d chore: release v2.0.6
5db9399 chore: update contributors
eb3b1b4 chore(deps): update mime -> 2.3.1 ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#3107)
732396a fix(travis): Up the socket timeout 2->20s. ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#3103)
173848e Remove erroneous change log entries for 2.0.3
1002569 chore(ci): drop node 9 from travis tests ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#3100)
02f54c6 fix(server): Exit clean on unhandledRejections. ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#3092)
0fdd8f9 chore(deps): update socket.io -> 2.1.1 ([Snyk(Unlimited)] Upgrade yargs from 11.1.0 to 11.1.1 snyk-fixtures/npm-lockfiles#3099)
90f5546 fix(travis): use the value not the key name. ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#3097)
fba5d36 fix(travis): validate TRAVIS_COMMIT if TRAVIS_PULL_REQUEST_SHA is not set. ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#3094)
56fda53 fix(init): add "ChromeHeadless" to the browsers' options ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#3096)
f6d2f0e fix(config): Wait 30s for browser activity per Travis. ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#3091)
a58fa45 fix(travis): Validate TRAVIS_PULL_REQUEST_SHA rather than TRAVIS_COMMIT. ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#3093)
88b977f fix(config): wait 20s for browser activity. ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3087)
94a6728 chore: remove support for node 4, update log4js ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3082)
c5dc62d docs: better clarity for API usage
0018947 chore: release v2.0.5
02dc1f4 chore: update contributors
dc7265b fix(browser): ensure browser state is EXECUTING when tests start ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-fixtures/npm-lockfiles#3074)
7617279 refactor(filelist): rename promise -> lastCompletedRefresh and remove unused promise ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 snyk-fixtures/npm-lockfiles#3060)
a701732 fix(doc): Document release steps for admins ([Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3063)
93ba05a fix(middleware): Obey the Promise API.
518cb11 fix: remove circular reference in Browser

See the full diff

Package name: log4js

The new version differs by 250 commits.

45eca69 3.0.0
7597c52 Merge pull request [Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#755 from log4js-node/inspect-deprecated
16b8754 fix: removed semver dep, not needed
20a6b29 fix: removed the custom inspect thing as it was only need for node < 6
58cd7d2 chore: added node v10 to the travis builds, removed v7
7f2b1c2 docs: fixed references to external appenders
dcdf2ad Merge pull request [Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#754 from log4js-node/version-3.x
8c8eea5 test: fixed up the types test
8ad2c39 2.11.0
24d2663 Merge pull request [Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#753 from log4js-node/remove-logfaces-udp
467f670 chore: removed the logFaces-UDP appender
2db6bb0 Merge branch 'master' into version-3.x
e605365 Merge pull request [Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#752 from log4js-node/deprecate-logfaces-udp
db9271b chore: deprecated logFaces-UDP
6031257 Merge pull request [Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#748 from log4js-node/remove-logFaces-HTTP
3a56566 chore: removed logFaces-HTTP appender
06c56b4 chore: turned off unused locals complaint for types (caused by levels)
5618fdb Merge branch 'master' into version-3.x
111fced Merge pull request [Snyk-local] Fix for 31 vulnerable dependencies snyk-fixtures/npm-lockfiles#747 from log4js-node/deprecate-logfaces-http
29a238a chore: deprecated logFaces-HTTP appender
83440fa Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#745 from nicojs/744-fix-levels-typing
18ad653 fix(typings): correctly type the `levels` property
6b60cd9 Merge pull request [Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#742 from log4js-node/remove-logstash-http
16603ca chore: removed logstash-http appender

See the full diff

Package name: nearley

The new version differs by 109 commits.

b3e8f3e bump doc version
aa39ac4 2.20.1
b99ba3f drop semver dependency(?)
bcdacf2 version bump in docs
194243e 2.20.0
1652d54 add funding link...
fc25a71 npm audit fixes
d93cc8e bump version in docs
edbb336 2.19.9
f7a7c42 Merge branch 'bandaloo-never-token'
751cf45 typescript --strict check
0313b2c added missing new line in generated code
c486135 added NearleyToken interface back
aba4a50 never type for token
03f4d00 small fixes
b6909ff bump version
842d51b 2.19.8
b7d427e Merge pull request [Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#541 from aliclark/line-breaks-counting
541bc90 Merge pull request [Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#554 from oguimbal/doc
007ba5f Add Deno + pg-mem doc
4beec6f added another "project using nearley"
8929cd0 Add a test to validate line and col values in errors
6983001 Add counting lineBreaks in js and btstring
98e4d21 build docs

See the full diff

Package name: node-releases

The new version differs by 133 commits.

580f0f6 1.1.53
c66e60f upd
245725a Merge pull request [Snyk] Fix for 1 vulnerabilities #19 from nschonni/semver-devdependency
19a4bff chore: Move semver to devDependencies
11591a5 Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #17 from nschonni/patch-1
2442d14 chore: Ignore IDE files in NPM package
f35c81e 1.1.52
1ca4bab upd
0fa541c 1.1.51
7d81634 upd
442776e 1.1.50
a444e95 -
c5061f2 1.1.49
59dca16 upd
675387f 1.1.48
71295d2 upd
5710fe5 1.1.47
f328bca upd
c3ee45f 1.1.46
3fb3f84 upd
a8ad8c2 1.1.45
e45a661 upd
e84a19a 1.1.44
fa4eb78 upd

See the full diff

Package name: normalize-package-data

The new version differs by 20 commits.

e584704 3.0.0
6899b0c fix: broken tests w/ latest hosted-git-info
40d07df hosted-git-info@3.0.6
e938119 chore: update engines
7e70f63 resolve@1.17.0
0ba7f91 semver@7.3.2
30afb71 chore: remove async dev dep
db9c672 tap@14.10.8
cc89759 chore: remove underscore dev dep
b224ba1 chore: update to package-lock v2
dedb606 2.5.0
f97372c deps: use `resolve.isCore` instead of `is-builtin-module` for better data and better node compat ([Snyk] Fix for 1 vulnerabilities #99)
de56d3e 2.4.2
96c93df deps: downgrade is-builtin-module to ^1.0.0
39b60ac 2.4.1
9d1ce80 fix: update broken url to `validate-npm-package-license` in README
156ad83 deps: bump devDeps
432f89c deps: bump deps
f828e53 chore: update CI for current Node LTS
df8ea05 fix(license): don't fail when license is whitespace-only field ([Snyk] Security upgrade debug from 2.0.0 to 2.6.9 #93)

See the full diff

Package name: nyc

The new version differs by 79 commits.

bebf4d6 chore(release): 15.0.0
2931730 chore: Update to final releases of dependencies ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#1245)
d44ff19 chore: Update node-preload and use process-on-spawn ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#1243)
5258e9f feat: Filenames relative to project cwd in coverage reports ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#1212)
6039f29 chore: Unpin test-exclude, update to latest pre-releases ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#1240)
f3c9e6c chore: Temporarily pin test-exclude ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1239)
28ed746 chore: Lazy load modules that are rarely/never needed in test processes. ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#1232)
7307626 chore: Remove cp-file module ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#1230)
dfd629d fix: Better error handling for main execution, reporting ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#1229)
549c953 chore: Update dependencies, pin find-cache-dir ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#1228)
a1dee03 chore: Update yargs ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1224)
8078a79 chore: Fix 404 in README.md. ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1220)
7a02cb7 chore: Add enterprise language ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#1217)
ea94c7f chore: Remove unused functions ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1218)
53c66b9 docs: `npm home nyc` goes to github master branch README ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#1201)
cf5e5d3 chore: Update dependencies
8411a26 fix: Correct handling of source-maps for pre-instrumented files ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#1216)
f890360 docs: Fix URL to default excludes in README.md ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#1214)
3726bbb chore: Update to async version of istanbul-lib-source-maps ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#1199)
0efc6d1 chore: Tweak arguments for async coverage data readers ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#1198)
cc77e13 chore: Add `use strict` to all except fixtures ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#1197)
bcbe1df chore: Update dependencies ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#1196)
2735ee2 chore: 100% coverage ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#1195)
fd40d49 feat: Use @ istanbuljs/schema for yargs setup ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1194)

See the full diff

Package name: os-name

The new version differs by 3 commits.

238cb59 3.0.0
41930d4 Meta tweaks
c716329 Require Node.js 6 and upgrade dependencies ([Snyk] Security upgrade mout from 1.1.0 to 1.2.3 #5)

See the full diff

Package name: read-package-json

The new version differs by 61 commits.

9f7049d chore(release): 3.0.0
19d9fbe fix: check-in updated lockfile
eef46fa chore: add engines definition
36b7ef7 chore: remove old .travis.yml envs
b3a8831 globa@7.1.6
fb3ceae json-parse-even-better-errors@2.3.1
78add03 npm-normalize-package-bin@1.0.1
7595d70 normalize-package-data@3.0.0
10175d8 chore(release): 2.1.2
fdbf082 fix: even better json errors, remove graceful-fs
e78afd6 chore(release): 2.1.1
b8cb5fa fix: normalize and sanitize pkg bin entries
55382c2 chore(release): 2.1.0
0a176cc Add some tests and clean up error handling for non-string bins
76f6f42 feat: support bundleDependencies: true
4e1e4d2 some tests for index.js parsing
67f2d8d chore: update CI for current Node LTS
6bac747 chore(release): 2.0.13
c1b24b0 misc: updating for standard
7090a2f deps: bump devDeps
5b4d790 deps: bump j-p-b-e
3f06586 meta: modernize release process
1869940 fix(git): support git packed refs --all mode ([Snyk] Security upgrade mout from 1.1.0 to 1.2.4 #77)
b5a9f47 2.0.12

See the full diff

Package name: read-pkg

The new version differs by 29 commits.

55549f3 6.0.0
2088095 Require Node.js 12 and move to ESM
4c0cd9a Move to GitHub Actions ([Snyk] Fix for 1 vulnerabilities #19)
bfe8eb8 5.2.0
8b11c42 Bump dependencies ([Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #17)
a6ca17a Fix readme example ([Snyk] Security upgrade karma from 2.0.3 to 6.3.16 #16)
01d66b2 Tidelift tasks
371d871 Create funding.yml
7a86b11 5.1.1
d57aeb1 Fix types for default value of `normalize` ([Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #14)
e2ae941 Add Node.js 12 to testing ([Snyk] Fix for 1 vulnerabilities #13)
1270bef 5.1.0
a45019a Meta tweaks
8a3fcef Add TypeScript definition ([Snyk] Security upgrade karma from 2.0.3 to 6.3.14 #12)
d443393 Fix Travis
51a9429 5.0.0
267b050 Require Node.js 8
03b601f 4.0.1
b1a3920 Use `pify`
8f30e19 4.0.0
0cd09a0 Remove the `path` arguments and drop BOM stripping
c5f6837 Require Node.js 6
7eb2f6b 3.0.0
8aac403 Fix tests for newer AVA version

See the full diff

Package name: semver

The new version differs by 207 commits.

e7b78de chore: release 7.5.2
58c791f fix: diff when detecting major change from prerelease ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#566)
5c8efbc fix: preserve build in raw after inc ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#565)
717534e fix: better handling of whitespace ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#564)
2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#558)
aa016a6 chore: release 7.5.1
d30d25a fix: show type on invalid semver error ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#559)
09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#555)
5b02ad7 chore: release 7.5.0
e219bb4 fix: throw on bad version with correct error message ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#552)
503a4e5 feat: allow identifierBase to be false ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#548)
fc2f3df fix: incorrect results from diff sometimes with prerelease versions ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#546)
2781767 fix: avoid re-instantiating SemVer during diff compare ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#547)
82aa7f6 chore: release 7.4.0
731d896 chore: enable CD ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#545)
940723d fix: intersects with v0.0.0 and v0.0.0-0 ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#538)
aa516b5 fix: faster parse options ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#535)
61e6ea1 fix: faster cache key factory for range ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#536)
f8b8b61 fix: optimistic parse ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#541)
796cbe2 fix: semver.diff prerelease to release recognition ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#533)
3f222b1 fix: reuse comparators on subset ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#537)
113f513 feat: identifierBase parameter for .inc ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#532)
ea689bc chore: basic type test for RELEASE_TYPES
c5d29df docs: Add "Constants" section to README

See the full diff

Package name: snyk

The new version differs by 250 commits.

4cc1a94 Merge pull request [Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#2105 from snyk/feat/webpack
7737f75 Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#2181 from snyk/test/migrate-old-snyk-format
418e6ad Merge pull request [Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#2180 from snyk/test/migrate-is-docker
95631e7 test: migrate is-docker to jest
babe22a test: migrate old-snyk-format to jest
e22e94f feat: Snyk CLI is bundled with Webpack
dd46c19 Merge pull request [Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#2175 from snyk/fix/snyk-protect-multiple
e7c314f Merge pull request [Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#2178 from snyk/test/server-close
5e824c0 fix(protect): skip previously patched files
ca2177a fix(protect): catch and log unexpected errors
c9ddb44 chore(protect): move api url warnings to stderr
e8fed38 refactor(protect): move stdout logs to top level
55e88f9 Merge pull request [Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#2177 from snyk/test/set-jest-acceptance-timeout
1522c5f test: server.close uses callbacks, not promises
13dce51 test: increase timeout for slow oauth test
65c35be Merge pull request [Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#2172 from snyk/chore/no-run-test-on-master
a1e3992 chore: don't run tests on master
20feb67 Merge pull request [Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 snyk-fixtures/npm-lockfiles#2165 from snyk/chore/dont-wait-for-regression-tests
f50bca7 Merge pull request [Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#2167 from snyk/refactor/replace-cc-parser-with-split-functions
1ed7d11 refactor: replace cc parser with split functions
707801d Merge pull request [Snyk(Unlimited)] Upgrade cfenv from 1.1.0 to 1.2.2 snyk-fixtures/npm-lockfiles#2166 from snyk/fix/support_quotes_in_poetry_toml
dc6b784 Merge pull request [Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 snyk-fixtures/npm-lockfiles#2163 from snyk/chore/remove-store-test-results
7973015 fix: support quoted keys in inline tables
18f0d2a Merge pull request [Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

fb50f76 chore(release): publish new version
2c75aeb chore: new version of the packages
0d05c30 chore(release): publish %s
3f9e151 chore: fix lerna config
2c1e34c tests(generator): enhance init generator tests ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1236)
6ee61b9 Fix loader-generator and plugin-generator tests ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1250)
52956a2 Fixing the typos and grammatical errors in Readme files ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#1246)
7faaed2 chore: update Bug_report & Feature_request Templates ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1256)
7a5b33d feat(webpack-cli): added mode argument ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1253)
3715756 tests(webpack-cli): add test case for defaults flag ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#1254)
a7cba2f chore: project maintanance and typescript fix ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#1247)
7748472 chore: ignore package-lock.json and remove its references ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1252)
a014aa7 docs: fix supported arguments & commands link in README ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#1244)
06129a1 feat(webpack-cli): add progress bar for progress flag ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#1238)
6cc6a49 chore: post refactor CLI ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#1237)
358651e chore: move cli under lerna package ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#1225)
2dc495a fix(init): fix webpack config scaffold ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#1231)
1ab62d2 tests(generator): add tests for plugin generator ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1235)
d2dd0c1 tests(sourcemap): fix flaky stats statement ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#1232)
f6dc680 tests(loader-generator): add tests for loader generator ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#1234)
35d1381 tests(generator): enable init generator test ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#1233)
66cdcb6 chore(generator): remove transpiled tests ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#1229)
f29a170 fix(init): fix the invalid package name ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#1228)
8c3a66d chore(cli): updated changelog of v3 ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1224)

See the full diff

Package name: win-release

The new version differs by 7 commits.

d5834ae 2.0.0
d41a71d Use an actual `Map`
1559c38 Meta tweaks
686f510 Add Windows Server detection and require Node.js 4 ([Snyk] Security upgrade marked from 0.3.5 to 4.0.10 #7)
90bd97f meta tweaks
11aa02d OS X → macOS
f9584de update tests for latest AVA version

See the full diff

Package name: yeoman-generator

The new version differs by 250 commits.

aad5fac 5.0.0
4f4a802 Add transform to expected priority.
57d240c Remove only from test.
812751f Lint fix
33d050f Implement getFeatures for singleton support.
99ac2c5 Add transform priority.
5136342 Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#1278)
fa408bd Bump actions/stale from v3.0.15 to v3.0.16 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#1275)
d7103f3 Drop reference from yeoman-test repository
b36f294 Bump yeoman-environment to 3.0.0-rc.1
ee0d1ad Hide shared options and drop support for kebab case options.
310f72d Fix spawn destinationRoot.
8f4afe9 Switch composeWith to use environment.
e9d0a15 Remove support for chainning at composeWith.
c2245e1 Switch from node 10 to 12 at Travis.
5be7b07 5.0.0-rc.0
8a448b4 Bump yeoman-environment to 3.0.0-rc.0
6d6c4b0 Changes to queueTransformStream
632d60d Add option to skip parsing options.

… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

fix: large-file/package.json & large-file/package-lock.json to reduce…

3967dac

… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795

This was referenced Dec 19, 2023

[Snyk] Fix for 23 vulnerabilities #171

Open

[Snyk] Fix for 23 vulnerabilities #172

Open

snyk-levine mentioned this pull request Apr 29, 2024

[Snyk] Fix for 1 vulnerabilities #202

Open

snyk-levine mentioned this pull request May 22, 2024

[Snyk] Fix for 2 vulnerabilities #211

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 1 vulnerabilities #135

[Snyk] Fix for 1 vulnerabilities #135

snyk-levine commented Jun 22, 2023

[Snyk] Fix for 1 vulnerabilities #135

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #135

Conversation

snyk-levine commented Jun 22, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: