jiractl icon indicating copy to clipboard operation
jiractl copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Fix for 1 vulnerabilities

Open snyk-bot opened this issue 3 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yargs The new version differs by 84 commits.
  • aa09faf chore: release 15.0.1 (#1480)
  • 6a9ebe2 fix(deps): cliui, find-up, and string-width, all drop Node 6 support (#1479)
  • 5cc2b5e chore: release 15.0.0 (#1462)
  • 62a114a force build
  • 1840ba2 feat: expose `Parser` from `require('yargs/yargs')` (#1477)
  • afd5b48 fix(docs): update boolean description and examples in docs (#1474)
  • c10c38c feat(deps)!: yargs-parser now throws on invalid combinations of config (#1470)
  • 0cba424 build: switch to release-please for releases (#1471)
  • 445bc58 chore: update engines to note Node 6 is dropped (#1469)
  • 52d875a test: add additional test for 1459
  • 12c82e6 fix: stop-parse was not being respected by commands (#1459)
  • b4812ac test: add tests for argsert warning to display positional information (#1468)
  • 10f10ee test: cover missing filter arg in obj-filter (#1467)
  • cb0396f build: switch to c8 for coverage (#1464)
  • ebee59d fix!: update to yargs-parser with fix for array default values (#1463)
  • 5120aec test: adds missing array choice regression test (#1447)
  • 2ba8ce0 chore!: drop Node 6 support (#1461)
  • cb64329 build: configure release-please
  • 0d3642b refactor!: remove package.json-based parserConfiguration (#1460)
  • 9adf22e doc(webpack): webpack example (#1436)
  • 7e1c8fc Add missing french translation (#1456)
  • b1b156a fix(docs): TypeScript import to prevent a future major release warning (#1441)
  • bc3c4d1 chore(release): 14.2.0
  • 4d21520 feat(deps): introduce yargs-parser with support for unknown-options-as-args (#1440)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Sep 16 '21 06:09 snyk-bot

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

sonarqubecloud[bot] avatar Jul 25 '22 19:07 sonarqubecloud[bot]