jmix-frontend
jmix-frontend copied to clipboard
Haulmont
[Snyk] Fix for 1 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/jmix-front-generator/package.json
- packages/jmix-front-generator/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 |
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yeoman-environment
The new version differs by 236 commits.- 8ead0c2 4.0.0
- 1250965 try to fix lint errors
- c7028e1 fix npm audit problems and adjusts
- eae5a81 4.0.0-rc.0
- e668ddc bump dependencies
- 8d4147e bump yeoman-generator-6
- 47cdc8f fix eslint error
- 7f104a7 integrate yeoman-generator (2, 4 and 5) tests.
- 2569915 rework commitSharedFsTask for mem-fs@4
- adcda06 4.0.0-beta.6
- f8f26a3 bump dependencies and allow mem-fs@4
- 100c609 make logCwd public
- 12cb28f remove mem-fs-editor instance from environment
- 3877e04 4.0.0-beta.5
- bd8e8e6 update conflicter (#492)
- c88cb66 drop node 16 support
- 9bb755e fix conflicter's ignore option
- 367a340 Bump actions/checkout from 3 to 4 (#490)
- ecac892 4.0.0-beta.4
- b3ffea0 bump development dependencies.
- 960d627 increase stale for PRs
- 9323a1f allow dependabot to update typescript
- b28085d create package-lock.json
- 5ed4c37 drop tui-jsdoc-template dependency
Package name: yeoman-generator
The new version differs by 144 commits.- 5e59844 6.0.0
- 4296f50 6.0.0-rc.6
- b224faa fix typo
- 7f1f8e1 allow to customize queueTransformStream priority
- 0eb085f 6.0.0-rc.5
- 232587e Run own or immediately extended beforeQueue (#1475)
- 1938e71 Bump actions/checkout from 3 to 4 (#1473)
- 2d8b8b1 Bump execa from 7.1.1 to 8.0.1 (#1469)
- 5b729fe Bump read-pkg-up from 9.1.0 to 10.1.0 (#1470)
- 465aea2 6.0.0-rc.4
- df635f1 Fix composeLocallyWithOptions with a factory
- 7e6b0c0 6.0.0-rc.3
- 5291e9c allow to ignore 'This Generator is empty' error
- 454b3ec Bump c8 from 7.13.0 to 8.0.0 (#1457)
- 077c6e9 6.0.0-rc.2
- 02e6785 don't emit error at environment, environment's queueTask to handle failures.
- a75dbf8 6.0.0-rc.1
- 7fa5597 replace lodash with lodash-es
- fbae307 use TestAdapter from @ yeoman/adapter
- 580ba5c add spawn/spawnSync
- 66fd6be bump got package
- 9428e88 Revert "disable spawn-command test due to got package bug."
- 1d2889d make test compatible with environment 4
- 1a11e03 6.0.0-rc.0
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
