generator-es6-npm-module icon indicating copy to clipboard operation
generator-es6-npm-module copied to clipboard

Published 20 hours ago verified publisher icon ghaiklor

[Snyk] Upgrade yeoman-generator from 5.0.0 to 5.0.1

Open ghaiklor opened this issue 4 years ago • 0 comments

Snyk has created this PR to upgrade yeoman-generator from 5.0.0 to 5.0.1.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-02-22.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		 265/1000
Why? CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: yeoman-generator
  • 5.0.1 - 2021-02-22
    • Bump xo to 0.38.1 and move to devDependencies. 3f51315

    v5.0.0...v5.0.1

  • 5.0.0 - 2021-02-20

    Breaking changes

    • Requires node 12.
    • Requires [email protected] (unreleased yo@4).
    • Conflicter moved to the Environment.
    • Install action is deprecated and is not included by default.
      • Replaced by package.json manipulation
        • addDependencies({dependency: 'version'})
        • addDevDependencies({dependency: 'version'})
        • this.packageJson storage. Eg: this.packageJson.merge({scripts: {test: 'mocha'}});
      • Install task will be executed later by the Environment when package.json changes.
      • To load it:
    const Generator = require('yeoman-generator');
-_.extend(Generator.prototype, require('yeoman-generator/lib/actions/install'));
    • Singleton Generators support passing unique: 'namespace' or unique: 'argument'.
      constructor(args, options = {}) {
    super(args, {...options, unique: 'namespace'}
  }
    • Misc
      • this.(spawnCommand/spawnCommandSync) switched to execa and now defaults cwd to this.destinationRoot().
      • Dropped support for kebab case options.
      • composeWith() isn't chainable anymore and delegates the running to the Environment for singleton checks.
      • Replaced registerTransformStream with queueTransformStream.
        New api executes transformations before the commit operation, and is executed for every generator.
      • Dependencies update.

    v4.13.0...v5.0.0

from yeoman-generator GitHub release notes
Commit messages
Package name: yeoman-generator
  • 9b55fde 5.0.1
  • 3f51315 Bump xo to 0.38.1 and move to devDependencies.
  • 3b0c91f Disable dependabot for github actions.
  • d23d1bb Bump yeoman-test to 4.0.2 and add dependency on itself for

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

ghaiklor avatar Mar 16 '21 03:03 ghaiklor