generator-pwa icon indicating copy to clipboard operation
generator-pwa copied to clipboard
verified publisher icon hemanth

[Snyk] Fix for 1 vulnerabilities

Open hemanth opened this issue 3 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 798/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1		 Remote Code Execution (RCE)
SNYK-JS-EJS-2803307		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yeoman-test The new version differs by 164 commits.
  • 73826ef 5.0.0
  • ff0c7be Bump yeoman-generator and yeoman-environment and move to peer.
  • fcdaf79 4.0.2
  • 1983cd3 Add peerDependencies for better dedupe.
  • 29b653b Disable dependabot for github actions.
  • 22242bf Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#137)
  • fe070ff 4.0.1
  • 75efa14 Change acceptDependencies to new releases.
  • 692a9c8 Switch to npm 7 at workflows.
  • 33a3e5a Create package-lock.json with npm 7
  • b5902e8 Adjusts for environment 3/generator 5.
  • 5564d58 Update gh_pages workflow
  • 84df43d Switch to main branch
  • d5f1af0 Remove milestone and release workflows.
  • 0e8fc79 Bump peter-evans/create-pull-request from v2 to v3.8.0 (#135)
  • d20d44c 4.0.0
  • 16c7ae8 Revert yeoman-environment and yeoman-generator to dependencies and add
  • e7d4a6a Bump ini from 1.3.5 to 1.3.8
  • 5cb90c3 Bump actions/setup-node from v2.1.2 to v2.1.4
  • 4f466bb Fix false positive warning.
  • d671104 Bump mem-fs-editor to 8.0.0
  • 75041e0 Load yeoman-generator and yeoman-environment at use.
  • 373fbb6 4.0.0-beta.0
  • c674771 Method toPromise() now returns a RunResult instead of targetDir.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)

hemanth avatar Apr 29 '22 21:04 hemanth