lattice [Snyk] Security upgrade systeminformation from 3.54.0 to 4.26.2

[Snyk] Security upgrade systeminformation from 3.54.0 to 4.26.2

Open snyk-bot opened this issue 4 years ago • 0 comments

merge advice

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/apollo-real-time-chart/package.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	651/1000 Why? Recently disclosed, Has a fix available, CVSS 7.3	Command Injection SNYK-JS-SYSTEMINFORMATION-1023168	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: systeminformation

The new version differs by 250 commits.

26be10b 4.26.2
3e54211 processes() memory leak fix, security issue fix
5559591 smaller corections memory leak fix
bad372e improved shell sanitation
1475505 Merge branch 'master' of https://github.com/sebhildebrandt/systeminformation
f89a2ec security fix exploits, memory leak fix
d4f29c9 4.26.1
269b928 code cleanup
dc88096 4.26.0
586065f merged get full S.M.A.R.T data, updated docs
2db0a99 Merge pull request #368 from mily20001/feature/smartctl
bafcb0f 4.25.2
fd8e7ff getAllData() added wifiNetworks
3fbd712 Merge branch 'master' of https://github.com/sebhildebrandt/systeminformation
5f2beb7 getAllData() added wifiNetworks
b179560 4.25.1
d1e2146 get() minor bounds test fix, updated docs
bcdbf99 updated docs
e44e13e 4.25.0
8fa0d30 get() added function to get partial system info
ba3469d 4.24.2
8e783f2 cpu() fix BSD, networkStats() fix BSD
1fd784f 4.24.1
7715043 processes() fix parsing command and params

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Oct 29 '20 03:10 snyk-bot