monument
monument copied to clipboard
Published
20 hours ago •
ansble
ansble
[Snyk] Security upgrade iltorb from 2.4.0 to 2.4.5
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
No | Proof of Concept |
|
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 |
Remote Memory Exposure SNYK-JS-BL-608877 |
No | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-INI-1048974 |
No | Proof of Concept |
 |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
No | Proof of Concept |
 |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-MINIMIST-559764 |
No | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
No | Proof of Concept |
|
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8 |
Information Exposure SNYK-JS-SIMPLEGET-2361683 |
No | Proof of Concept |
|
454/1000 Why? Has a fix available, CVSS 4.8 |
Arbitrary File Overwrite SNYK-JS-TARFS-174556 |
No | No Known Exploit |
|
434/1000 Why? Has a fix available, CVSS 4.4 |
Time of Check Time of Use (TOCTOU) npm:chownr:20180731 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: iltorb
The new version differs by 34 commits.- 01907fe Bump to v2.4.5 (#109)
- 4455453 Bump to v2.4.4
- c58603e Add support for Node 13 (#101)
- 7dbb84d Bump node-gyp from 5.0.5 to 6.0.0
- 4cb5ff4 Update cross-env requirement from ^5.2.0 to ^6.0.0
- ffb1966 Update cross-spawn requirement from ^6.0.5 to ^7.0.0
- af5d9b1 Update node-gyp requirement from ^4.0.0 to ^5.0.0
- e09fdc7 Drop support for Node 11
- d025270 Update prebuild requirement from ^8.2.1 to ^9.0.0 (#94)
- a53503a Update ava requirement from ^1.4.1 to ^2.0.0 (#93)
- 7f4c846 Drop support for Node 6 (#89)
- 7040779 Bump to v2.4.3
- 9a088c3 Change node install method on appveyor
- d3aa1b4 Address deprecation and compiler warnings
- a02cd10 Node 12 support
- f96e804 Fix git submodule command for circleci
- cbd12a5 Remove unused code
- b7fde84 Update deps
- e9d2ead Bump to v2.4.2
- bb5f12a Revert back to nan (#83)
- b6e2b18 Update ava
- cb5925a Fix Node 11 builds (#81)
- 8d012d4 Bump to v2.4.1
- 90fbbd3 fix AppVeyor config
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution
