[Snyk] Fix for 2 vulnerabilities #15

Open
dippyhippy wants to merge 1 commit into master from snyk-fix-58738779e42d481199b7ac11dba1439b

@dippyhippy
Owner

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| high severity | 753/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: noflo
The new version differs by 225 commits.
  • 575ed20 Bump
  • 5cf44e2 Merge pull request #439 from noflo/greenkeeper-fbp-1.3.0
  • 18b6958 chore(package): update fbp to version 1.3.0
  • fdb05b3 Mention case sensitive mode
  • b1353fb Merge pull request #435 from ifitzpatrick/case-sensitive
  • 0c6b213 Disambiguation, refs #130
  • f0c0870 Add support for stream datatype in ports, fixes #130
  • 0572800 Merge pull request #440 from noflo/greenkeeper-fbp-manifest-0.1.8
  • 88ab4ce chore(package): update fbp-manifest to version 0.1.8
  • c890f61 Go to tilde
  • 9a85546 Don't shadow loader var
  • eb54d6c Update CHANGES
  • b574fca Fix component caching, fixes #427
  • 4ed31d8 Pass caseSensitive option to new Graph with an options object
  • 57bd943 Merge pull request #432 from noflo/greenkeeper-fbp-1.1.7
  • 378bc86 Merge pull request #436 from noflo/greenkeeper-mocha-2.5.2
  • 39a6104 No setMaxListeners on browser
  • f5d4560 chore(package): update mocha to version 2.5.2
  • c1f56f3 Allow arbitrary number of listeners
  • c1b9860 Add caseSensitive option to Graph object
  • 1fc70fe chore(package): update fbp to version 1.1.7
  • 55342d1 Merge pull request #428 from noflo/greenkeeper-babel-core-6.9.0
  • 8b92c7c Merge pull request #431 from noflo/greenkeeper-mocha-2.5.1
  • 6b26921 chore(package): update mocha to version 2.5.1

See the full diff

Package name: noflo-flow
The new version differs by 26 commits.
  • 95cd70f Bump
  • cb5dcc3 Merge pull request #84 from noflo/update_dependencies
  • 492b110 These graphs are now gone
  • 302192a Use ComponentLoader to instantiate
  • 01a4700 Remove unmaintained noflo-cache dep
  • 80c63d8 Add webpack loaders
  • 4118ee9 Update noflo-manifest
  • cd9df21 Update grunt-contrib-coffee
  • ed5ee00 Update grunt-contrib-watch
  • 9bcbd11 Update grunt-coffeelint
  • 44b6c6f Update grunt-contrib-uglify
  • 8538254 Merge remote-tracking branch 'origin/greenkeeper-grunt-noflo-browser-1.0.1' into update_dependencies
  • 38b493b Merge remote-tracking branch 'origin/greenkeeper-grunt-mocha-test-0.13.2' into update_dependencies
  • 5c162ce Update grunt-mocha-phantomjs
  • b9a6b90 Merge remote-tracking branch 'origin/greenkeeper-mocha-3.2.0' into update_dependencies
  • 9308748 Update grunt
  • d9fb5bb Relax NoFlo version dependency
  • 5893423 chore(package): update mocha to version 3.2.0
  • 6e3a5f9 chore(package): update grunt-mocha-test to version 0.13.2
  • 2a1b7b4 chore(package): update grunt-noflo-browser to version 1.0.1
  • a766bf5 chore(package): update grunt-mocha-phantomjs to version 4.0.0
  • 2cf5529 chore(package): update grunt-contrib-uglify to version 2.0.0
  • 0e13402 chore(package): update grunt-coffeelint to version 0.0.16
  • 8e3fa11 chore(package): update grunt to version 1.0.1

See the full diff

Package name: noflo-nodejs
The new version differs by 103 commits.
  • 4bdffc0 Bump
  • 42de251 Update Travis release key
  • 6aa6b92 Merge pull request #63 from noflo/greenkeeper-noflo-runtime-websocket-0.6.0
  • 91780e0 chore(package): update noflo-runtime-websocket to version 0.6.0
  • cb35e57 Merge pull request #62 from noflo/greenkeeper-noflo-runtime-base-0.7.1
  • 9ca0754 chore(package): update noflo-runtime-base to version 0.7.1
  • e9e0238 Merge pull request #60 from noflo/greenkeeper-noflo-0.7.0
  • 6848ff4 chore(package): update noflo to version 0.7.0
  • 536dd51 Add missing repo ref
  • 57b6c92 Lint index too
  • dfc11f0 Typo fix, fixes #49
  • 116ceef Lint first
  • 3237273 Merge new NoFlo
  • 143abc8 Use STDERR
  • 742f48b Fail early
  • 9d8c911 Test on modern Node.js
  • e60d78a Merge pull request #58 from noflo/greenkeeper-yargs-4.3.2
  • cd934ad Merge pull request #53 from noflo/greenkeeper-grunt-coffeelint-0.0.15
  • 87de7c1 Merge pull request #51 from noflo/greenkeeper-jshint-2.9.1
  • 6ad0fda Merge pull request #50 from noflo/greenkeeper-flowhub-registry-0.0.4
  • 208103c Merge pull request #52 from noflo/loadfile_error
  • 9e65d7d chore(package): update noflo to version 0.6.0
  • d22d278 chore(package): update yargs to version 4.3.2
  • cf0f0e0 chore(package): update grunt-coffeelint to version 0.0.15

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

2 participants