[Snyk] Security upgrade npm-check from 5.4.0 to 5.4.4 #94

Open: qiu8310 wants to merge 1 commit into master from snyk-fix-112d8461f4dac11a27ae9b2ad07f7af8
qiu8310 (Owner) commented Jul 13, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm-check

The new version differs by 26 commits.
  • 01a3c47 v5.4.4
  • dfb1397 fix deps
  • fbe8369 v5.4.3
  • 18507ad fix deps
  • ad56b8b v5.4.2
  • 4f4b581 support private registries like Artifactory
  • b18ccfa Clean up README & finish devOnly feature (#220)
  • 0288d64 Merge pull request #230 from rouanw/fix_specials_bug
  • 5404599 check special files even when only one is provided
  • 690881a Merge pull request #228 from AaronAsAChimp/fix-skip-unused
  • 3e7f48a Merge pull request #223 from rouanw/depcheck_specials
  • 4cfde3f Cleanup
  • 4a4fe31 Fix skip-unused by returning after resolving the promise.
  • 63ba6bc add option to include special files in the check for unused dependencies
  • 4c09a09 Merge pull request #216 from timc13/dev-only-flag
  • 6465645 add dev-only flag
  • ca73028 Merge pull request #205 from chrismbarr/add-typedefs
  • bf927d4 Add typedefs and reference them in the package file
  • 1405113 Merge pull request #203 from corbinu/master
  • 2a2139e Add eslint-plugin-* and @ types/* to ignore matches list for unused
  • 858adf2 Merge pull request #194 from ReadmeCritic/master
  • 20bc407 Update README URLs based on HTTP redirects
  • 0880c27 Update package.json
  • 3b3251b Update .travis.yml

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908