Skip to content

[Snyk] Fix for 1 vulnerabilities#25

Open
dippyhippy wants to merge 1 commit intomasterfrom
snyk-fix-30d675ffaafc1151a17a61d5cb9e13dc
Open

[Snyk] Fix for 1 vulnerabilities#25
dippyhippy wants to merge 1 commit intomasterfrom
snyk-fix-30d675ffaafc1151a17a61d5cb9e13dc

Conversation

@dippyhippy
Copy link
Copy Markdown
Owner

@dippyhippy dippyhippy commented Nov 30, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: noflo The new version differs by 150 commits.
  • cdcb229 Bump
  • efdab6e Merge pull request #413 from noflo/ip_object_all_the_things
  • d0f25e0 Revert test topic
  • ba84ff8 Document the internal IP object change
  • 2d2ea2b 0 is a valid group name
  • 6c976c9 Make internalsocket.post() emit legacy-compatible connect/disconnect events when needed
  • 1512507 Single listing for keeping track of brackets
  • 1677250 Only connect if not connected, and disconnect if connected
  • da48a52 Fix control ports #414
  • 63a617e Merge changes
  • 0ff337b Switch to new InternalSocket events
  • 905c280 Remove duplicate
  • 6c0b055 Autoconnect is handled in InternalSocket
  • 7885f48 Handle IP objects and legacy socket events transparently
  • 84805da Make IP objects easier to identify
  • fea73c9 Document control port change, refs #414
  • 506cf3f Merge pull request #414 from noflo/control_retain_only_data
  • 2f71b36 Remove duplicate
  • 8f56489 Make control ports ignore brackets, fixes #412
  • a368c49 Add a test with brackets to control port
  • 0de1749 Autoconnect is handled in InternalSocket
  • 4027e29 Handle IP objects and legacy socket events transparently
  • 9ea2e7a Make IP objects easier to identify
  • 0868aca Typo in date

See the full diff

Package name: noflo-flow The new version differs by 26 commits.
  • 95cd70f Bump
  • cb5dcc3 Merge pull request #84 from noflo/update_dependencies
  • 492b110 These graphs are now gone
  • 302192a Use ComponentLoader to instantiate
  • 01a4700 Remove unmaintained noflo-cache dep
  • 80c63d8 Add webpack loaders
  • 4118ee9 Update noflo-manifest
  • cd9df21 Update grunt-contrib-coffee
  • ed5ee00 Update grunt-contrib-watch
  • 9bcbd11 Update grunt-coffeelint
  • 44b6c6f Update grunt-contrib-uglify
  • 8538254 Merge remote-tracking branch 'origin/greenkeeper-grunt-noflo-browser-1.0.1' into update_dependencies
  • 38b493b Merge remote-tracking branch 'origin/greenkeeper-grunt-mocha-test-0.13.2' into update_dependencies
  • 5c162ce Update grunt-mocha-phantomjs
  • b9a6b90 Merge remote-tracking branch 'origin/greenkeeper-mocha-3.2.0' into update_dependencies
  • 9308748 Update grunt
  • d9fb5bb Relax NoFlo version dependency
  • 5893423 chore(package): update mocha to version 3.2.0
  • 6e3a5f9 chore(package): update grunt-mocha-test to version 0.13.2
  • 2a1b7b4 chore(package): update grunt-noflo-browser to version 1.0.1
  • a766bf5 chore(package): update grunt-mocha-phantomjs to version 4.0.0
  • 2cf5529 chore(package): update grunt-contrib-uglify to version 2.0.0
  • 0e13402 chore(package): update grunt-coffeelint to version 0.0.16
  • 8e3fa11 chore(package): update grunt to version 1.0.1

See the full diff

Package name: noflo-nodejs The new version differs by 103 commits.
  • 4bdffc0 Bump
  • 42de251 Update Travis release key
  • 6aa6b92 Merge pull request #63 from noflo/greenkeeper-noflo-runtime-websocket-0.6.0
  • 91780e0 chore(package): update noflo-runtime-websocket to version 0.6.0
  • cb35e57 Merge pull request #62 from noflo/greenkeeper-noflo-runtime-base-0.7.1
  • 9ca0754 chore(package): update noflo-runtime-base to version 0.7.1
  • e9e0238 Merge pull request #60 from noflo/greenkeeper-noflo-0.7.0
  • 6848ff4 chore(package): update noflo to version 0.7.0
  • 536dd51 Add missing repo ref
  • 57b6c92 Lint index too
  • dfc11f0 Typo fix, fixes #49
  • 116ceef Lint first
  • 3237273 Merge new NoFlo
  • 143abc8 Use STDERR
  • 742f48b Fail early
  • 9d8c911 Test on modern Node.js
  • e60d78a Merge pull request #58 from noflo/greenkeeper-yargs-4.3.2
  • cd934ad Merge pull request #53 from noflo/greenkeeper-grunt-coffeelint-0.0.15
  • 87de7c1 Merge pull request #51 from noflo/greenkeeper-jshint-2.9.1
  • 6ad0fda Merge pull request #50 from noflo/greenkeeper-flowhub-registry-0.0.4
  • 208103c Merge pull request #52 from noflo/loadfile_error
  • 9e65d7d chore(package): update noflo to version 0.6.0
  • d22d278 chore(package): update yargs to version 4.3.2
  • cf0f0e0 chore(package): update grunt-coffeelint to version 0.0.15

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
74a6d1e 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dippyhippy @snyk-bot