lattice icon indicating copy to clipboard operation
lattice copied to clipboard

Published 20 hours ago verified publisher icon latticejs

[Snyk] Security upgrade nodemon from 1.19.4 to 3.0.0

Open Rahulgarg30591 opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/lattice-ssr/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nodemon The new version differs by 190 commits.
  • f219dcc test: Update release.yml to use ubuntu-latest (#2123)
  • af3b9e2 fix: node@10 support back in
  • a3f0e12 test: package wasn't installing
  • 8ded28c docs: update test runners and add TODO
  • 83ef51d chore: website supporters
  • 86d5f40 fix: also watch cjs
  • 7881f05 chore: remove legacy .nodemon support
  • 04302b8 Merge branch 'Vindeep07-develop'
  • 64c426a Merge branch 'develop' of https://github.com/Vindeep07/nodemon into Vindeep07-develop
  • c13dbbb Merge branch 'Triple-Whale-main'
  • 023e2d1 Merge branch 'main' of https://github.com/Triple-Whale/nodemon into Triple-Whale-main
  • 725569b Merge branch 'ibmi-always-enable-polling' of https://github.com/abmusse/nodemon into abmusse-ibmi-always-enable-polling
  • 6bb8766 fix: semver vuln dep
  • 3b58104 feat: always use polling on IBM i
  • 3681000 update simple-update-notifier
  • 083b4a6 bump simple-update-notifier & semver
  • 6787871 chore: web site render
  • ddbc630 chore: web site render
  • d585386 allow user set PATH
  • 43bdacc Merge branch 'main' of github.com:remy/nodemon
  • 65ad501 chore: web site render
  • 75c275a chore: web site render
  • 272d519 chore: web site render
  • 40a8d45 chore: fix web site render

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Rahulgarg30591 avatar Jul 09 '23 14:07 Rahulgarg30591