Skip to content

[Snyk] Fix for 3 vulnerabilities#5

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-7bee73e89037877851e9f2ca459021cc
Open

[Snyk] Fix for 3 vulnerabilities#5
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-7bee73e89037877851e9f2ca459021cc

Conversation

@snyk-bot
Copy link
Copy Markdown

@snyk-bot snyk-bot commented Sep 25, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 526/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.1		 Arbitrary Code Injection
SNYK-JS-EJS-1049328		 Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Remote Code Execution (RCE)
SNYK-JS-EJS-2803307		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: globby The new version differs by 33 commits.
  • 878ef6e 10.0.0
  • 3706920 Upgrade `fast-glob` package to v3 (#126)
  • 8aadde8 Add `globby.stream` (#113)
  • 2dd76d2 Remove `**/bower_components/**` as a default ignore pattern
  • 9f781ce Require Node.js 8
  • 04d51bf Upgrade `ignore` package (#120)
  • 2b61484 Readme tweaks
  • ff3e1f9 Tidelift tasks
  • 31f18ae Create funding.yml
  • 33ca01c Fix using the `gitignore` and `stats` options together (#121)
  • c737820 Minor TypeScript definition improvements
  • 82db101 Add Node.js 12 to testing (#117)
  • 766b728 9.2.0
  • dc0a49c Refactor TypeScript definition to CommonJS compatible export (#115)
  • 89cee24 9.1.0
  • 59f4b48 Add check to ensure `cwd` is a directory (#110)
  • 9a9cf1e Add TypeScript definition (#111)
  • eb26c7e Meta tweaks
  • d77a623 Add failing test for #105 (#108)
  • 2294618 Deduplicate identical file patterns (#102)
  • ba9c267 Add failing test for #97 (#100)
  • 71b9c58 9.0.0
  • 39ad0d9 Update dependencies
  • d804228 Fix compatibility with latest `dir-glob` release (#99)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 Arbitrary Code Injection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot