generator-smarttv [Snyk] Security upgrade yeoman-generator from 1.0.1 to 2.0.3

[Snyk] Security upgrade yeoman-generator from 1.0.1 to 2.0.3

Open snyk-bot opened this issue 3 years ago • 0 comments

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: yeoman-generator

The new version differs by 43 commits.

d8253fc 2.0.3
971c1a8 Fix issue #1050 regarding unsecured dependencies (#1056)
150053c Update Travis version support
967cb0f 2.0.2
d291b78 Bump dependencies
f7b8167 fix: Do not apply user defaults when question.choices is a function. Fix #1051
825305e Fix typo in comment (#1044)
28cbab2 2.0.1
2955a84 Bump dependencies (+ security fix of debug)
9e4ccf5 2.0.0
a29e5d9 Bump dependencies
96da393 Bump package-lock.json
4b1b841 Replace gulp with raw Mocha
6effbfe Use raw nsp
183b3a8 Get rid of before/after (toward jest migration)
68d59c1 Add package-lock.json
f8e46b0 Don't die on diffing file deletions (again) (#1028)
edc2bf2 [comments] Change wrong param name in description (#1018)
364606e Switch to `make-dir`
eaf1ade New: option shorthand on installDependencies method (#1015)
e296e52 Bump XO and minor style tweaks
9da7391 Bump dependencies
b010701 More ES2015ifing
cfd2a8e Refactor install methods to handle promises - ref #1006

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Jan 18 '22 16:01 snyk-bot