foundation-v1-server
foundation-v1-server copied to clipboard
blinkhash
[Snyk] Upgrade pm2 from 5.2.0 to 5.4.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade pm2 from 5.2.0 to 5.4.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
-
The recommended version is 5 versions ahead of your current version.
-
The recommended version was released on 22 days ago.
Issues fixed by the recommended upgrade:
| Issue | Score | Exploit Maturity | |
|---|---|---|---|
 |
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459 |
676 | Proof of Concept |
|
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 |
676 | Proof of Concept |
 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857 |
676 | Proof of Concept |
|
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610 |
676 | Proof of Concept |
Release notes
Package name: pm2
-
5.4.0 - 2024-05-24
- drop old uuid sub dependency
- #5782 add autostart true||false feature by @ ultimate-tester
- update modules
-
5.3.1 - 2024-01-20
- Fix terminal width when condensed cac8393
- Auto run tsx/ts files with bun binary instead of ts-node f122aab
- #5686 Switch from Travis CI to Github Actions
- #5680 Fixed reserved keyword for ES6 Strict Mode when Bundling @ juaneth
- #5683 update badges
- #5684 auto switch light and dark mode logos
- #5678 Bugfix/deploy ecosystem filename extension / esm module default ecosystem config name @ TeleMediaCC
- #5660 Fix matching logic for logs from namespace when lines = 0 @ bawjensen
- fix "vulnerabilities" in axios module
-
5.3.0 - 2023-03-15
- fix: replace non-working condition that blocks flush from clearing the logs #5533 @ Sailboat265
- fix: ESM script loader #5524 @ BlueWater86
- 5.2.2 - 2022-10-13
- 5.2.1 - 2022-10-13
-
5.2.0 - 2022-02-17
- replace node-cron by croner (#5183 #5035)
- upgrade mocha deps
- fix pm2 report when daemon not running
- remove semver check for legacy node.js versions
- update node version in setup.deb.sh by using lts (#5201) + openrc
- replace legacy util._extend by Object.assign (#5239)
- add missing start options types (#5242)
- recursive detection of package.json (#5267)
- make tarball module uninstall cross-platform (#5269)
- Fix unnecessary "ENOENT" console.error when serving a spa (#5272)
- fix: used env variable instead of hardcode datetime format (#5277)
- copyright update (#5278)
- fix: remove constants import from VersionCheck (not needed) (#5279)
- Reduce async import (#5280)
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- This PR was automatically created by Snyk using the credentials of a real user.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 99.54%. Comparing base (
5d5011c) to head (72baa31).
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files
@@ Coverage Diff @@
## master #211 +/- ##
=======================================
Coverage 99.54% 99.54%
=======================================
Files 13 13
Lines 1324 1324
Branches 321 321
=======================================
Hits 1318 1318
Misses 5 5
Partials 1 1
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
