tiny-care-terminal
[Snyk] Upgrade gitlog from 4.0.0 to 4.0.4
Snyk has created this PR to upgrade gitlog from 4.0.0 to 4.0.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 4 versions ahead of your current version.
- The recommended version was released 2 years ago, on 2021-01-05.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
---|---|---|---|
 | Command Injection SNYK-JS-GITLOG-1070779 | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: gitlog
- 4.0.4 - 2021-01-05
  🐛 Bug Fix
  - Fix build + lint #68 (@hipstersmoothie)
  - fix lint and run build/test/lint on PRs #66 (@hipstersmoothie)
  - Patch command injection vulnerability #65 (@ron-checkmarx)
  Authors: 2
  - Andrew Lisowski (@hipstersmoothie)
  - Ron (@ron-checkmarx)
- 4.0.3 - 2020-10-05
  🐛 Bug Fix
  - ensure large amount of renames doesn't break git log #63 (@hipstersmoothie)
  Authors: 1
  - Andrew Lisowski (@hipstersmoothie)
- 4.0.2 - 2020-10-02
  🎉 This release contains work from a new contributor! 🎉 Thank you, Chris NeJame (@SalmonMode), for all your work!
  🐛 Bug Fix
  - Add support for getting commits of line range #61 (@SalmonMode)
  Authors: 1
  - Chris NeJame (@SalmonMode)
- 4.0.1 - 2020-10-01
  🎉 This release contains work from new contributors! 🎉 Thanks for all your work!
  ❤️ Asjid Kalam (@Asjidkalam)
  ❤️ Jamie Slome (@JamieSlome)
  ❤️ huntr-helper (@huntr-helper)
  🐛 Bug Fix
  - Revert "Security Fix for RCE on "gitlogplus" - huntr.dev" #62 (@hipstersmoothie)
  - Security Fix for RCE on "gitlogplus" - huntr.dev #59 (@Asjidkalam @JamieSlome @huntr-helper)
  Authors: 4
  - Andrew Lisowski (@hipstersmoothie)
  - Asjid Kalam (@Asjidkalam)
  - huntr-helper (@huntr-helper)
  - Jamie Slome (@JamieSlome)
- 4.0.0 - 2020-04-13
  💥 Breaking Change
  - update readme to fix cjs usage #53 (@hipstersmoothie)
  Authors: 1
  - Andrew Lisowski (@hipstersmoothie)
Commit messages
Package name: gitlog
- 9c12a31 Bump version to: 4.0.4 [skip ci]
- c161191 Update contributors [skip ci]
- ba32713 Update CHANGELOG.md [skip ci]
- 572d9ca Merge pull request #68 from domharrington/fixes
- 165100a fix formatting and build
- ac30a13 fix build
- 32ee9d9 Merge pull request #66 from domharrington/fix
- 32872a3 upgrade dev deps
- 45b6a9f fix lint and run build/test/lint on PRs
- ba1bdee Merge pull request #65 from ron-checkmarx/patch-1
- df162ea fix typo
- 91989ed test for command injection regression
- bb22ffb Use child_process.execFile instead of child_process.exec
- 256a961 Bump version to: 4.0.3 [skip ci]
- 6c9b074 Update CHANGELOG.md [skip ci]
- cdda193 Merge pull request #63 from domharrington/l0
- 9139676 ensure large amount of renames doesnt break git log
- 7cdfd08 Bump version to: 4.0.2 [skip ci]
- f8c780e Update contributors [skip ci]
- 542a04e Update CHANGELOG.md [skip ci]
- f26a134 Merge pull request #61 from SalmonMode/file-line-range
- af715c4 Add support for getting commits of line range
- e224f24 Bump version to: 4.0.1 [skip ci]
- a9b2872 Update contributors [skip ci]
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.