generator-pwa
generator-pwa copied to clipboard
hemanth
[Snyk] Fix for 3 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1 |
Arbitrary Code Injection SNYK-JS-EJS-1049328 |
Yes | Proof of Concept |
|
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
No | Proof of Concept |
 |
753/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2 |
Command Injection SNYK-JS-LODASH-1040724 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yeoman-generator
The new version differs by 58 commits.- 138ed98 v1.0.0
- 871ed39 v1.0.0-rc1
- df7012f Fix composeWith to allow passing explicit arguments for yeoman-generator@<1.0
- 9aa4e02 Alias desc to description in argument/option config
- 1b6eede Remove Gruntfile api - Fix #744
- fedb2fb Update composeWith to take path or namespace as first argument - Fix #983
- 1885dec Single way of passing both arguments and options to composed generator
- a852f62 Allow passing arguments to a Generator constructor in the same way as we pass options
- f6f4dda Fix issue #947 (#982)
- e1b95d8 Refactor arguments and options parsing
- a3cab64 Disambiguate cli options from spawn options - Fix #754
- 687b9be Conflicter to handle null file.contents - Fix #950
- d6345f7 Pass default options to composed generators automatically - Fix #745
- bddb942 Fix yarnInstall to add new package - Fix #980
- cd5e34d Simplify root exports
- 3601531 Get rid of yeoman-environment proxying
- 006577a Update tes matrix
- f633dae Remove NamedBase
- 16084c6 Remove jshintrc
- ec9c448 Remove legacy files functions
- 49ce5f3 Remove deprecated modules
- f3fb1d5 Save current config to .yo-rc.json (#963)
- 4eccb2a Add yarnInstall method
- f632f01 Add version number to generated docs (#978)
Package name: yeoman-test
The new version differs by 164 commits.- 73826ef 5.0.0
- ff0c7be Bump yeoman-generator and yeoman-environment and move to peer.
- fcdaf79 4.0.2
- 1983cd3 Add peerDependencies for better dedupe.
- 29b653b Disable dependabot for github actions.
- 22242bf Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#137)
- fe070ff 4.0.1
- 75efa14 Change acceptDependencies to new releases.
- 692a9c8 Switch to npm 7 at workflows.
- 33a3e5a Create package-lock.json with npm 7
- b5902e8 Adjusts for environment 3/generator 5.
- 5564d58 Update gh_pages workflow
- 84df43d Switch to main branch
- d5f1af0 Remove milestone and release workflows.
- 0e8fc79 Bump peter-evans/create-pull-request from v2 to v3.8.0 (#135)
- d20d44c 4.0.0
- 16c7ae8 Revert yeoman-environment and yeoman-generator to dependencies and add
- e7d4a6a Bump ini from 1.3.5 to 1.3.8
- 5cb90c3 Bump actions/setup-node from v2.1.2 to v2.1.4
- 4f466bb Fix false positive warning.
- d671104 Bump mem-fs-editor to 8.0.0
- 75041e0 Load yeoman-generator and yeoman-environment at use.
- 373fbb6 4.0.0-beta.0
- c674771 Method toPromise() now returns a RunResult instead of targetDir.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
