generator-pwa icon indicating copy to clipboard operation
generator-pwa copied to clipboard
verified publisher icon hemanth

[Snyk] Security upgrade yeoman-generator from 0.22.6 to 1.0.0

Open hemanth opened this issue 1 year ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yeoman-generator The new version differs by 58 commits.
  • 138ed98 v1.0.0
  • 871ed39 v1.0.0-rc1
  • df7012f Fix composeWith to allow passing explicit arguments for yeoman-generator@<1.0
  • 9aa4e02 Alias desc to description in argument/option config
  • 1b6eede Remove Gruntfile api - Fix #744
  • fedb2fb Update composeWith to take path or namespace as first argument - Fix #983
  • 1885dec Single way of passing both arguments and options to composed generator
  • a852f62 Allow passing arguments to a Generator constructor in the same way as we pass options
  • f6f4dda Fix issue #947 (#982)
  • e1b95d8 Refactor arguments and options parsing
  • a3cab64 Disambiguate cli options from spawn options - Fix #754
  • 687b9be Conflicter to handle null file.contents - Fix #950
  • d6345f7 Pass default options to composed generators automatically - Fix #745
  • bddb942 Fix yarnInstall to add new package - Fix #980
  • cd5e34d Simplify root exports
  • 3601531 Get rid of yeoman-environment proxying
  • 006577a Update tes matrix
  • f633dae Remove NamedBase
  • 16084c6 Remove jshintrc
  • ec9c448 Remove legacy files functions
  • 49ce5f3 Remove deprecated modules
  • f3fb1d5 Save current config to .yo-rc.json (#963)
  • 4eccb2a Add yarnInstall method
  • f632f01 Add version number to generated docs (#978)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

hemanth avatar Apr 19 '24 15:04 hemanth

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/[email protected] filesystem Transitive: environment, network, shell, unsafe +113 4.07 MB sboudrias

🚮 Removed packages: npm/[email protected]

View full report↗︎

socket-security[bot] avatar Apr 19 '24 15:04 socket-security[bot]