jmix-frontend
jmix-frontend copied to clipboard
Haulmont
[Snyk] Security upgrade yeoman-environment from 3.6.0 to 4.0.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/jmix-front-generator/package.json
- packages/jmix-front-generator/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
644/1000 Why? Has a fix available, CVSS 8.6 |
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 |
No | No Known Exploit |
 |
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 |
Yes | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Prototype Poisoning SNYK-JS-QS-3153490 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yeoman-environment
The new version differs by 236 commits.- 8ead0c2 4.0.0
- 1250965 try to fix lint errors
- c7028e1 fix npm audit problems and adjusts
- eae5a81 4.0.0-rc.0
- e668ddc bump dependencies
- 8d4147e bump yeoman-generator-6
- 47cdc8f fix eslint error
- 7f104a7 integrate yeoman-generator (2, 4 and 5) tests.
- 2569915 rework commitSharedFsTask for mem-fs@4
- adcda06 4.0.0-beta.6
- f8f26a3 bump dependencies and allow mem-fs@4
- 100c609 make logCwd public
- 12cb28f remove mem-fs-editor instance from environment
- 3877e04 4.0.0-beta.5
- bd8e8e6 update conflicter (#492)
- c88cb66 drop node 16 support
- 9bb755e fix conflicter's ignore option
- 367a340 Bump actions/checkout from 3 to 4 (#490)
- ecac892 4.0.0-beta.4
- b3ffea0 bump development dependencies.
- 960d627 increase stale for PRs
- 9323a1f allow dependabot to update typescript
- b28085d create package-lock.json
- 5ed4c37 drop tui-jsdoc-template dependency
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS)
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
