Skip to content

[Snyk] Security upgrade npm-check from 5.4.0 to 5.9.1#93

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-8c95413aeeda299e72e3b91cfd172258
Open

[Snyk] Security upgrade npm-check from 5.4.0 to 5.9.1#93
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-8c95413aeeda299e72e3b91cfd172258

Conversation

@snyk-bot
Copy link
Copy Markdown
Contributor

@snyk-bot snyk-bot commented Sep 16, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm-check The new version differs by 74 commits.
  • dcb8bbe 5.9.1
  • c610aa8 Merge pull request #368 from omrilotan/2019-10-29-fix-vuln
  • ce892a9 Update depcheck
  • 4b633e2 Fix vulnerabilities
  • f569c7d Merge pull request #326 from mansona/fixing-ci
  • b713af5 adding later node versions to CI
  • 76cefd6 fixing CI for Node 4
  • f47c605 Merge pull request #321 from dyun8080/patch-1
  • 24d7b70 fix: npm run lint
  • bda767d 5.9.0
  • 6d6eb6e Merge pull request #307 from dylang/depcheck-0-6-11
  • 7065511 feat: bump depcheck dependency
  • 72054dd 5.8.0
  • 042c7f6 Merge pull request #294 from zkochan/master
  • 5d5bc0e feat: use pnpm on projects that previously used pnpm
  • 258bc6b 5.7.1
  • 64e5532 Merge pull request #289 from dylang/drop-merge-options
  • a9f3b37 Switch out merge-options for xtend
  • 348b34f Merge pull request #287 from sbrl/patch-1
  • b09a695 README.md: Correct typo
  • 8f00b45 Merge pull request #270 from simlu/patch-1
  • 7073994 Merge pull request #286 from carlmanaster/patch-1
  • c0111b1 Update cli.js
  • fafeaf8 5.7.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
e2c5ae6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot