lattice
lattice copied to clipboard
Published
20 hours ago •
latticejs
latticejs
[Snyk] Security upgrade nodemon from 1.19.4 to 2.0.3
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/lattice-ssr/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: nodemon
The new version differs by 16 commits.- ee92ee4 test: split require tests
- 33ae6da test: fix failing test when required
- a4490e2 fix: package.json & package-lock.json to reduce vulnerabilities
- 9bd07eb docs: changed verbose logging and CLI documentation to reflect support single file watch functionality
- c279760 test: make sigint test to actually check child pid (#1656)
- cd45d74 test: fix fork test
- 496c335 chore: undo change to spawn code
- 47dfb8b fix: pipe stderr correctly
- ed91703 fix: ubuntu loop waiting for sub processes
- 9a67f36 feat: update chokidar to v3
- 6781b40 docs: add license file
- 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
- b58cf7d chore: Merge branch 'master'
- 95a4c09 docs: add to faq
- 3a2eaf7 choe: merge master
- 3d90879 chore: add logo to site
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
