spotify-api-graphql-console icon indicating copy to clipboard operation
spotify-api-graphql-console copied to clipboard

Published 20 hours ago verified publisher icon charlypoly

[Snyk] Security upgrade standard-version from 4.2.0 to 5.0.0

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-Y18N-1021887		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: standard-version The new version differs by 33 commits.
  • 04513e8 chore(release): 5.0.0
  • 7ab2a28 chore: update to conventional-changelog/nyc with patched handlebars (#304)
  • 69c62cf feat: cli application accept path/preset option (#279)
  • 96216da feat: preserve formatting when writing to package.json (#282)
  • 43e7cdc docs: update README.md with prefix tag docs (#284)
  • 27e2ab4 fix: no --tag prerelease for private module (#296)
  • 7e443da chore: register missing dependencies (#301)
  • 25300ff docs(FAQ): :memo: fix typo (#298)
  • cbedc52 docs(readme): :memo: update code usage (#290)
  • 6826945 docs(readme): fix markdown formatting typo (#289)
  • 844cde6 feat: fallback to tags if no meta-information file found (#275)
  • e86fe6b chore: bump semver version (#257)
  • d90154a fix: show correct pre-release tag in help output (#259)
  • fee872f feat: adds support for bumping for composer versions (#262)
  • e1b5780 fix: bin now enforces Node.js > 4 (#274)
  • 1d46627 chore: update testing matrix
  • e303c44 chore(renovate): disable
  • e5c99f6 chore(release): 4.4.0
  • 04c68a8 chore: npm audit (#244)
  • ba4e7f6 feat: add prerelease lifecycle script hook (closes #217) (#234)
  • b4ed4f9 fix: show full tag name in checkpoint (#241)
  • fbfdf5e doc : added an example of a postcommit hook (#232)
  • 371d992 feat: manifest.json support (#236)
  • 6dac27b docs: add title to LICENSE.txt (#238)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Dec 03 '20 00:12 snyk-bot