generator-pwa
[Snyk] Fix for 1 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 | Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yeoman-test
The new version differs by 164 commits.
- 73826ef 5.0.0
- ff0c7be Bump yeoman-generator and yeoman-environment and move to peer.
- fcdaf79 4.0.2
- 1983cd3 Add peerDependencies for better dedupe.
- 29b653b Disable dependabot for github actions.
- 22242bf Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#137)
- fe070ff 4.0.1
- 75efa14 Change acceptDependencies to new releases.
- 692a9c8 Switch to npm 7 at workflows.
- 33a3e5a Create package-lock.json with npm 7
- b5902e8 Adjusts for environment 3/generator 5.
- 5564d58 Update gh_pages workflow
- 84df43d Switch to main branch
- d5f1af0 Remove milestone and release workflows.
- 0e8fc79 Bump peter-evans/create-pull-request from v2 to v3.8.0 (#135)
- d20d44c 4.0.0
- 16c7ae8 Revert yeoman-environment and yeoman-generator to dependencies and add
- e7d4a6a Bump ini from 1.3.5 to 1.3.8
- 5cb90c3 Bump actions/setup-node from v2.1.2 to v2.1.4
- 4f466bb Fix false positive warning.
- d671104 Bump mem-fs-editor to 8.0.0
- 75041e0 Load yeoman-generator and yeoman-environment at use.
- 373fbb6 4.0.0-beta.0
- c674771 Method toPromise() now returns a RunResult instead of targetDir.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
New and removed dependencies detected.
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/[email protected] | filesystem Transitive: environment, shell, unsafe | +102 | 4.08 MB | mshima |
| npm/[email protected] | filesystem Transitive: environment, unsafe | +60 | 2.57 MB | mshima |
🚮 Removed packages: npm/[email protected], npm/[email protected]