hothouse icon indicating copy to clipboard operation
hothouse copied to clipboard

Published 20 hours ago β€’ verified publisher icon Leko

[Snyk] Fix for 1 vulnerabilities

Open snyk-bot opened this issue 4 years ago β€’ 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469		 Yes No Known Exploit
Commit messages
Package name: eslint The new version differs by 250 commits.
  • a7985a6 6.0.0
  • be74dd9 Build: changelog update for 6.0.0
  • 81aa06b Upgrade: [email protected] (#11869)
  • 5f022bc Fix: no-else-return autofix produces name collisions (fixes #11069) (#11867)
  • ded9548 Fix: multiline-comment-style incorrect message (#11864)
  • cad074d Docs: Add JSHint W047 compat to no-floating-decimal (#11861)
  • 41f6304 Upgrade: sinon (#11855)
  • 167ce87 Chore: remove unuseable profile command (#11854)
  • c844c6f Fix: max-len properly ignore trailing comments (fixes #11838) (#11841)
  • 1b5661a Fix: no-var should not fix variables named 'let' (fixes #11830) (#11832)
  • 4d75956 Build: CI with Azure Pipelines (#11845)
  • 1db3462 Chore: rm superfluous argument & fix perf-multifiles-targets (#11834)
  • c57a4a4 Upgrade: @babel/polyfill => core-js v3 (#11833)
  • 65faa04 Docs: Clarify prefer-destructuring array/object difference (fixes #9970) (#11851)
  • 81c3823 Fix: require-atomic-updates reports parameters (fixes #11723) (#11774)
  • aef8ea1 Sponsors: Sync README with website
  • 4f48f5a 6.0.0-rc.0
  • 6bad650 Build: changelog update for 6.0.0-rc.0
  • f403b07 Update: introduce minKeys option to sort-keys rule (fixes #11624) (#11625)
  • 87451f4 Fix: no-octal should report NonOctalDecimalIntegerLiteral (fixes #11794) (#11805)
  • e4ab053 Update: support "bigint" in valid-typeof rule (#11802)
  • e0fafc8 Chore: removes unnecessary assignment in loop (#11780)
  • 20908a3 Docs: removed '>' prefix from from docs/working-with-rules (#11818)
  • 1c43eef Sponsors: Sync README with website

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

snyk-bot avatar Mar 07 '20 22:03 snyk-bot

Codecov Report

Merging #774 into master will increase coverage by 0.08%. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #774      +/-   ##
==========================================
+ Coverage   45.57%   45.66%   +0.08%     
==========================================
  Files          23       23              
  Lines         509      519      +10     
  Branches       59       59              
==========================================
+ Hits          232      237       +5     
- Misses        252      257       +5     
  Partials       25       25
Impacted Files Coverage Ξ”
packages/hothouse/src/git.js 71.05% <0%> (-2.29%) :arrow_down:
packages/hothouse/src/PackageManagerResolver.js 6.66% <0%> (-0.48%) :arrow_down:
...ckages/hothouse/src/RepositoryStructureResolver.js 6.66% <0%> (-0.48%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 225ec0d...91acbf0. Read the comment docs.

codecov-io avatar Mar 07 '20 22:03 codecov-io