lattice icon indicating copy to clipboard operation
lattice copied to clipboard

Published 20 hours ago verified publisher icon latticejs

[Snyk] Security upgrade execa from 1.0.0 to 2.1.0

Open Rahulgarg30591 opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/clap/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: execa The new version differs by 158 commits.
  • e98561a 2.1.0
  • c6a24ec Add `error.originalMessage` property (#373)
  • f9bd317 Upgrade cross-spawn to 7.0.0 (#367)
  • f620305 Document the reasons why the returned promise might fail (#364)
  • 7c19345 Revert "Add a sentence about job search (#293)" (#352)
  • 48067c4 Properly clean up child processes created during tests (#349)
  • 603537a 2.0.5
  • d268fd1 Make execa compatible with Node.js 13.0.0-pre (#370)
  • ac2bc15 2.0.4
  • 211febe Fix errors being thrown when `detached: true` or `cleanup: false` is used (#360)
  • 0cdc62c 2.0.3
  • aa070b8 Add missing `result.all` TypeScript definition (#345)
  • b46cba1 Fix test for Node `>= 12.6.0` (#348)
  • 19e58fe Separate `process.env`-related logic to its own function (#341)
  • c9b4d09 Readme tweaks (#340)
  • 82d2a4a Add tip on how to execute the current package's binary (#339)
  • 8977752 2.0.2
  • 6a8e9ac Do not read streams more than once (#330)
  • 7d51047 Move `onExit()` cleanup code next to `onExit()` (#337)
  • 0241d6e Improve tests for the `timeout` option (#332)
  • 2a7551f Refactor the `timeout` option (#333)
  • 9020f28 Rename `stdioOption` variable (#334)
  • b336fbf Make the synchronous errors code clearer (#331)
  • 46daa7b Separate command-related logic into its own file (#329)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Rahulgarg30591 avatar Jun 21 '23 19:06 Rahulgarg30591