[Snyk] Upgrade cfonts from 2.9.3 to 2.10.1#334
Conversation
Snyk has created this PR to upgrade cfonts from 2.9.3 to 2.10.1. See this package in npm: cfonts See this project in Snyk: https://app.snyk.io/org/mikr13/project/57521539-278b-42e8-9b34-51cc78f04622?utm_source=github&utm_medium=referral&page=upgrade-pr
There was a problem hiding this comment.
Pull request overview
This PR upgrades the cfonts dependency from version 2.10.0 to 2.10.1 to address multiple security vulnerabilities. However, there's a discrepancy: while the PR title and description claim an upgrade from 2.9.3 to 2.10.1, the actual diff shows the upgrade is from 2.10.0 to 2.10.1, indicating only a patch version bump. This suggests the repository may have already been partially upgraded, or the PR metadata is outdated.
- The change bumps cfonts to version 2.10.1 (released April 2022)
- According to the release notes, version 2.10.1 includes dependency bumps that address numerous security vulnerabilities
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "homepage": "https://github.com/open-devs/s3-bucket-download#readme", | ||
| "dependencies": { | ||
| "cfonts": "^2.10.0", | ||
| "cfonts": "^2.10.1", |
There was a problem hiding this comment.
The PR title and description indicate an upgrade from cfonts 2.9.3 to 2.10.1, but the actual diff shows an upgrade from 2.10.0 to 2.10.1. This is only a patch version bump (2.10.0 → 2.10.1), not the two-version upgrade claimed in the description. The PR metadata appears to be inaccurate or stale.
Snyk has created this PR to upgrade cfonts from 2.9.3 to 2.10.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 2 versions ahead of your current version.
The recommended version was released 4 years ago.
Issues fixed by the recommended upgrade:
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ASYNC-2441827
SNYK-JS-AXIOS-1579269
SNYK-JS-AXIOS-6032459
SNYK-JS-BRACES-6838727
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-LODASHSET-1320032
SNYK-JS-PARSELINKHEADER-1582783
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-SNYKGRADLEPLUGIN-8248487
SNYK-JS-SNYKPHPPLUGIN-8248485
SNYK-JS-SSH2-1656673
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-UTILE-8706797
SNYK-JS-AXIOS-12613773
SNYK-JS-AXIOS-6124857
SNYK-JS-AXIOS-9292519
SNYK-JS-AXIOS-9403194
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-GOT-2932019
SNYK-JS-GOT-2932019
SNYK-JS-HTTPCACHESEMANTICS-3248783
SNYK-JS-I-1726768
SNYK-JS-INFLIGHT-6095116
SNYK-JS-JSYAML-13961110
SNYK-JS-JSYAML-13961110
SNYK-JS-JSZIP-3188562
SNYK-JS-JSZIP-3188562
SNYK-JS-MICROMATCH-6838728
SNYK-JS-MICROMATCH-6838728
SNYK-JS-MINIMATCH-3050818
SNYK-JS-SNYK-3037342
SNYK-JS-SNYK-3038622
SNYK-JS-SNYK-3111871
SNYK-JS-SNYKDOCKERPLUGIN-3039679
SNYK-JS-SNYKGOPLUGIN-3037316
SNYK-JS-SNYKGRADLEPLUGIN-3038624
SNYK-JS-SNYKMVNPLUGIN-3038623
SNYK-JS-SNYKPYTHONPLUGIN-3039677
SNYK-JS-SNYKSBTPLUGIN-3038626
SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625
SNYK-JS-SNYKSNYKHEXPLUGIN-3039680
SNYK-JS-TAR-6476909
SNYK-JS-TMP-11501554
SNYK-JS-TMP-11501554
SNYK-JS-TMP-11501554
SNYK-JS-XML2JS-5414874
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-FOLLOWREDIRECTS-2396346
SNYK-JS-SNYK-10497607
npm:utile:20180614
Release notes
Package name: cfonts
-
2.10.1 - 2022-04-01
- bumped dependencies
-
2.10.0 - 2021-09-16
- bumped dependencies
- added typescript definitions into npm bundle
-
2.9.3 - 2021-06-02
- bumped dependencies
from cfonts GitHub release notesImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: