libreact icon indicating copy to clipboard operation
libreact copied to clipboard
verified publisher icon MailOnline

[Snyk] Fix for 1 vulnerabilities

Open claudiorodriguez opened this issue 3 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @semantic-release/git The new version differs by 36 commits.
  • 94e9e12 fix(package): update micromatch to version 4.0.0
  • 7ee4af9 fix(package): update p-reduce to version 2.0.0
  • aa07a61 chore(package): update get-stream to version 5.0.0
  • 98f382c chore(package): update ava to version 1.3.1
  • f720fb9 chore(package): update xo to version 0.24.0
  • 71be783 fix: update globby to latest version Pierre Vanduynslager committed
  • ffe83a4 chore(package): update ava to version 1.0.1
  • f8857d5 fix(package): update aggregate-error to version 2.0.0
  • 7f26c5d fix: look for modified fiels to commit only if there files matching the globs
  • 651224e build: remove unnecessary `docker` service in Travis
  • 7f80ca3 docs: fix minor formatting issue in `message` option notes
  • 8efcce5 chore(package): update nyc and sinon
  • 90f436a docs: update semantic-release default branch in links
  • 39c660e style: fix prettier errors
  • e1aac3d fix: use default value for `null` options
  • 15208d8 docs: harmonize docs with other plugins
  • 39abf04 chore(package): update commitizen to version 3.0.0
  • ca9de5f fix(package): update debug to version 4.0.0
  • 928f82f chore(package): update xo to version 0.23.0
  • a35f990 fix(package): update execa to version 1.0.0
  • 20809c3 fix(package): update execa to version 0.11.0
  • 87bdf03 chore(package): update get-stream to version 4.0.0
  • ad72012 docs: add note about branch protection
  • e1329ca chore(package): update xo to version 0.22.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

claudiorodriguez avatar Jan 11 '23 13:01 claudiorodriguez