[Snyk] Upgrade prompt from 1.1.0 to 1.3.0#348
Conversation
Snyk has created this PR to upgrade prompt from 1.1.0 to 1.3.0. See this package in npm: prompt See this project in Snyk: https://app.snyk.io/org/mikr13/project/57521539-278b-42e8-9b34-51cc78f04622?utm_source=github&utm_medium=referral&page=upgrade-pr
There was a problem hiding this comment.
Pull request overview
Upgrades the prompt npm dependency to a newer patch/minor version as part of a Snyk-driven dependency update to address reported vulnerabilities in the dependency tree.
Changes:
- Bump
promptdependency version inpackage.jsonfrom^1.2.0to^1.3.0.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "dependencies": { | ||
| "cfonts": "^2.10.0", | ||
| "minimist": "^1.2.5", | ||
| "prompt": "^1.2.0" | ||
| "prompt": "^1.3.0" |
There was a problem hiding this comment.
This repo includes a yarn.lock that still pins prompt to 1.2.0, so bumping package.json alone won’t upgrade prompt for yarn installs. Please update yarn.lock accordingly (or remove it if yarn isn’t supported) to avoid inconsistent dependency trees and leaving the vulnerable version in place for some consumers.
| "cfonts": "^2.10.0", | ||
| "minimist": "^1.2.5", | ||
| "prompt": "^1.2.0" | ||
| "prompt": "^1.3.0" |
There was a problem hiding this comment.
PR description says this upgrades prompt from 1.1.0, but package.json was already at ^1.2.0 before this change. Please adjust the PR description (or confirm the intended starting version) to avoid confusion when auditing dependency upgrades.
Snyk has created this PR to upgrade prompt from 1.1.0 to 1.3.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 4 versions ahead of your current version.
The recommended version was released 4 years ago.
Issues fixed by the recommended upgrade:
SNYK-JS-PARSELINKHEADER-1582783
SNYK-JS-SEMVER-3247795
SNYK-JS-UTILE-8706797
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ASYNC-2441827
SNYK-JS-AXIOS-1579269
SNYK-JS-AXIOS-6032459
SNYK-JS-BRACES-6838727
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-LODASHSET-1320032
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-SNYKGRADLEPLUGIN-8248487
SNYK-JS-SNYKPHPPLUGIN-8248485
SNYK-JS-SSH2-1656673
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-MICROMATCH-6838728
SNYK-JS-MINIMATCH-3050818
SNYK-JS-TMP-11501554
SNYK-JS-XML2JS-5414874
SNYK-JS-AXIOS-12613773
SNYK-JS-AXIOS-6124857
SNYK-JS-AXIOS-9292519
SNYK-JS-AXIOS-9403194
SNYK-JS-DIFF-14917201
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-GOT-2932019
SNYK-JS-GOT-2932019
SNYK-JS-HTTPCACHESEMANTICS-3248783
SNYK-JS-I-1726768
SNYK-JS-INFLIGHT-6095116
SNYK-JS-JSYAML-13961110
SNYK-JS-JSYAML-13961110
SNYK-JS-JSZIP-3188562
SNYK-JS-JSZIP-3188562
SNYK-JS-LODASH-15053838
SNYK-JS-MICROMATCH-6838728
SNYK-JS-SNYK-3037342
SNYK-JS-SNYK-3038622
SNYK-JS-SNYK-3111871
SNYK-JS-SNYKDOCKERPLUGIN-3039679
SNYK-JS-SNYKGOPLUGIN-3037316
SNYK-JS-SNYKGRADLEPLUGIN-3038624
SNYK-JS-SNYKMVNPLUGIN-3038623
SNYK-JS-SNYKPYTHONPLUGIN-3039677
SNYK-JS-SNYKSBTPLUGIN-3038626
SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625
SNYK-JS-SNYKSNYKHEXPLUGIN-3039680
SNYK-JS-TAR-15032660
SNYK-JS-TAR-15038581
SNYK-JS-TAR-15127355
SNYK-JS-TAR-6476909
SNYK-JS-TMP-11501554
SNYK-JS-TMP-11501554
npm:utile:20180614
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-FOLLOWREDIRECTS-2396346
SNYK-JS-SNYK-10497607
Release notes
Package name: prompt
-
1.3.0 - 2022-04-11
-
1.2.2 - 2022-02-17
-
1.2.1 - 2022-01-10
-
1.2.0 - 2021-08-25
-
1.1.0 - 2020-12-21
from prompt GitHub release notes1.1.0
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: