generator-pwa
[Snyk] Fix for 18 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
|  | 676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459 | Yes | Proof of Concept |
|  | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488 | Yes | Proof of Concept |
|  | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095 | No | Proof of Concept |
|  | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | No | Proof of Concept |
|  | 484/1000 Why? Has a fix available, CVSS 5.4 | Open Redirect SNYK-JS-GOT-2932019 | No | No Known Exploit |
|  | 661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 | Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 | Yes | No Known Exploit |
|  | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
|  | 681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
|  | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
|  | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
|  | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-73638 | Yes | Proof of Concept |
|  | 541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639 | Yes | Proof of Concept |
|  | 681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASHTEMPLATE-1088054 | No | Proof of Concept |
|  | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 | Yes | Proof of Concept |
|  | 589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |
|  | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:braces:20180219 | No | Proof of Concept |
|  | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution npm:lodash:20180130 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yeoman-generator
The new version differs by 250 commits.
- aad5fac 5.0.0
- 4f4a802 Add transform to expected priority.
- 57d240c Remove only from test.
- 812751f Lint fix
- 33d050f Implement getFeatures for singleton support.
- 99ac2c5 Add transform priority.
- 5136342 Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#1278)
- fa408bd Bump actions/stale from v3.0.15 to v3.0.16 (#1275)
- d7103f3 Drop reference from yeoman-test repository
- b36f294 Bump yeoman-environment to 3.0.0-rc.1
- ee0d1ad Hide shared options and drop support for kebab case options.
- 310f72d Fix spawn destinationRoot.
- 8f4afe9 Switch composeWith to use environment.
- e9d0a15 Remove support for chainning at composeWith.
- c2245e1 Switch from node 10 to 12 at Travis.
- 5be7b07 5.0.0-rc.0
- 8a448b4 Bump yeoman-environment to 3.0.0-rc.0
- 6d6c4b0 Changes to queueTransformStream
- 632d60d Add option to skip parsing options.
- 7050e53 Pass destinationRoot to spawn-command by default.
- 097cd20 Implement package-json mixin.
- 52c90a2 Add merge support to Storage.
- f4336d9 5.0.0-beta.1
- 1952724 Change version to 5.0.0-beta.0
Package name: yeoman-test
The new version differs by 164 commits.
- 73826ef 5.0.0
- ff0c7be Bump yeoman-generator and yeoman-environment and move to peer.
- fcdaf79 4.0.2
- 1983cd3 Add peerDependencies for better dedupe.
- 29b653b Disable dependabot for github actions.
- 22242bf Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#137)
- fe070ff 4.0.1
- 75efa14 Change acceptDependencies to new releases.
- 692a9c8 Switch to npm 7 at workflows.
- 33a3e5a Create package-lock.json with npm 7
- b5902e8 Adjusts for environment 3/generator 5.
- 5564d58 Update gh_pages workflow
- 84df43d Switch to main branch
- d5f1af0 Remove milestone and release workflows.
- 0e8fc79 Bump peter-evans/create-pull-request from v2 to v3.8.0 (#135)
- d20d44c 4.0.0
- 16c7ae8 Revert yeoman-environment and yeoman-generator to dependencies and add
- e7d4a6a Bump ini from 1.3.5 to 1.3.8
- 5cb90c3 Bump actions/setup-node from v2.1.2 to v2.1.4
- 4f466bb Fix false positive warning.
- d671104 Bump mem-fs-editor to 8.0.0
- 75041e0 Load yeoman-generator and yeoman-environment at use.
- 373fbb6 4.0.0-beta.0
- c674771 Method toPromise() now returns a RunResult instead of targetDir.
Package name: yosay
The new version differs by 12 commits.
- c698632 3.0.0
- 7e41f27 Require Node.js 18 and move to ESM
- edf8387 update deps and cleanup code (#32)
- 30c5652 Reduce test code duplication (#31)
- bcd9a70 2.0.2
- 33feb5b Add license file
- 6c3028e 2.0.1
- 72d685f Set charIndex correctly when sentence contains whitespace (#30)
- 4534a16 2.0.0
- 00c279f ES2015ify
- af09c7a Bump minimum supported `node` version to `node@4`. (#25)
- 1614e0a fix travis
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.