jiractl icon indicating copy to clipboard operation
jiractl copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Security upgrade tmp from 0.1.0 to 0.2.2

Open decompil3d opened this issue 11 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: tmp The new version differs by 86 commits.
  • 9fcf3ce Merge pull request #294 from raszi/fix/update-version
  • 7e5f154 Update version
  • 9958e21 Update Changelog
  • 93854c2 Merge pull request #293 from raszi/fix/rimraf
  • 04371f3 Add 20.x to the CI
  • e498d91 Drop Node v12 compatibility
  • 00bb5b2 Update rimraf and drop old Node compatibility
  • aab7312 Merge pull request #283 from raszi/dependabot/npm_and_yarn/flat-and-mocha-5.0.2
  • 5643de3 Merge pull request #288 from dnicolson/patch-1
  • d0f7f43 Update README.md
  • 3a81a17 Bump flat and mocha
  • da3bc1a update docs
  • 15d0692 update readme
  • d6be356 update note on previously undocumented breaking changes
  • 31bf774 update changelog
  • da08266 update docs
  • 2160076 fix info on previously undocumented breaking changes
  • c492308 add info on previously undocumented breaking changes
  • 7c9196c add compatibility information on v0.2.2
  • 541b198 switching to github actions
  • 7c31bbb add data parameter to writeFileSync call
  • 455cbd3 fix matrix in ci workflow
  • 970bf34 add windows-latest to ci workflow
  • 0dac212 remove package-lock.json from gitignore

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

decompil3d avatar Feb 29 '24 05:02 decompil3d