[Snyk] Security upgrade adm-zip from 0.4.16 to 0.5.2

Open wouldgo opened this issue 4 years ago • 0 comments

merge advice

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	656/1000 Why? Recently disclosed, Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: adm-zip

The new version differs by 25 commits.

c5aeed4 Incremented version number
119dcad Fixed path traversal issue GHSL-2020-198
1d22ff6 Merge pull request #341 from 5saviahv/history
492d148 added changelog
dd415ae Incremented version
0f011a3 Fixed outFileName
bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
92e9836 Updated dev dependency
2b8d9ab Merge pull request #315 from enecciari/work_in_browser
4fe58d1 Merge pull request #322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
49218a4 Merge pull request #327 from kosuke-suzuki/multibyte-comment
a7e8932 Merge pull request #331 from 5saviahv/master
7db0eda modified addLocalFolder method
e114929 typo
dc81063 modified addLocalFile method
bc0f594 Deflate needs min V2.0
dde4f51 Node v6
003d4cf Added ZipCrypto decrypting ability
63ed6e2 Detect and throw error with encrypted files
c64ac14 LICENSE filename in package.json
1a334b2 add multibyte-encoded comment with byte length instead of character length
96d492a Bump lodash from 4.17.15 to 4.17.19
b77f380 now it works in browser
218feee Merge remote-tracking branch 'upstream/master'

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Feb 18 '21 21:02 wouldgo