[Snyk] Security upgrade minimist from 1.2.0 to 1.2.2 by snyk-bot · Pull Request #20 · ubenzer/fil

snyk-bot · 2020-03-16T21:33:20Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept

Commit messages

Package name: minimist

The new version differs by 10 commits.

f34df07 1.2.2
67d3722 cleanup
63e7ed0 don't assign onto __proto__
47acf72 console.dir -> console.log
0efed03 failing test for protocol pollution
29783cd 1.2.1
6be5dae add test
ac3fc79 fix bad boolean regexp
4cf45a2 Merge pull request #63 from lydell/dash-dash-docs-fix
5fa440e move the `opts['--']` example back where it belongs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

codecov · 2020-03-16T21:34:57Z

Codecov Report

Merging #20 into master will not change coverage by %.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #20   +/-   ##
=======================================
  Coverage   17.50%   17.50%           
=======================================
  Files           9        9           
  Lines         417      417           
  Branches       38       38           
=======================================
  Hits           73       73           
  Misses        344      344

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5579e6e...c32440a. Read the comment docs.

fix: package.json & package-lock.json to reduce vulnerabilities

c32440a

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade minimist from 1.2.0 to 1.2.2#20

[Snyk] Security upgrade minimist from 1.2.0 to 1.2.2#20
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-8baa049d2deb9154231b27b301aca57c

snyk-bot commented Mar 16, 2020

Uh oh!

codecov bot commented Mar 16, 2020 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

snyk-bot commented Mar 16, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

codecov bot commented Mar 16, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

codecov bot commented Mar 16, 2020 •

edited

Loading