wakatime-cli
[Snyk] Security upgrade keytar from 6.0.1 to 7.1.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: keytar
The new version differs by 29 commits.
- 74f472b 7.1.0
- fb33a40 bump node-abi and downstream packages (#326)
- c4683fb Change binding.gyp to fix napi.h not found error (#325)
- bc2ec26 Bump mocha from 8.2.0 to 8.2.1 (#324)
- c435fe4 add support for building and testing with GitHub Actions (#323)
- 321ea32 Add prebuild Electron for arm64 (#319)
- 346fdb7 Bump mocha from 8.1.3 to 8.2.0 (#313)
- 6fbda33 Bump node-gyp from 7.1.0 to 7.1.2 (#312)
- a5162d3 Bump prebuild-install from 5.3.5 to 6.0.0 (#314)
- dd67c9b 7.0.0
- 30f769c Drop Electron v5 and v6 support (#311)
- a6ee40c Fix memory leaks on macOS (#293)
- 13633ed Bump node-addon-api from 3.0.0 to 3.0.2 (#309)
- ed8da7b Bump bl from 3.0.0 to 3.0.1 (#306)
- f6def5b add prebuild targets for Electron 10 (#307)
- f33fee4 add rust bindings to README (#305)
- cdebd3d Bump mocha from 8.1.1 to 8.1.3 (#303)
- 4863f43 Bump node-abi from 2.19.0 to 2.19.1 (#304)
- 8007791 Bump node-abi from 2.18.0 to 2.19.0 (#301)
- 686e450 Bump node-gyp from 7.0.0 to 7.1.0 (#299)
- 0279477 Bump mocha from 8.1.0 to 8.1.1 (#298)
- 48e2fc0 Bump prebuild from 10.0.0 to 10.0.1 (#300)
- a3f76de Bump mocha from 8.0.1 to 8.1.0 (#294)
- 1e22685 Bump lodash from 4.17.15 to 4.17.19 (#289)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.