
[Snyk] Fix for 2 vulnerabilities

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 490/1000. Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-RAMDA-1582370 | No | No Known Exploit |
| high severity | 748/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | Improper Privilege Management, SNYK-JS-SHELLJS-2332187 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint-plugin-mocha
The new version differs by 36 commits.
  • b2d8c9e 6.3.0
  • b91a2f8 Update dependencies
  • c470a3d Merge pull request #238 from lo1tuma/fix-nested
  • a18680d Merge pull request #239 from lo1tuma/fix-top-level
  • 2633908 Fix max-top-level-suites to ignore generated suites
  • 46f716d no-hooks-for-single-case: fix false positive in nested suites
  • 1c3a545 Merge pull request #237 from lo1tuma/template-strings
  • 6255546 Check static template strings in valid-test-description and valid-suite-description
  • 7eea93d Merge pull request #236 from lo1tuma/no-hooks-option
  • 8778d96 no-hooks: add option to allow certain kind of hooks
  • 36c9e67 Merge pull request #235 from brettz9/nondeprecated-rule-format
  • 471e354 Switch to nondeprecated eslint rule format
  • 8cf8640 Merge pull request #234 from brettz9/schemas-for-options
  • c1f8049 Merge pull request #229 from brettz9/recommended-rules
  • fdb3843 - Remove regex literal argument; simplify
  • 68a3c07 - Add schemas for options (and remove for files which are using settings)
  • 04cdbaa - Indicate whether rule is recommended (also put into table along with info on whether "fixable")
  • 6ac703b Merge pull request #233 from brettz9/options-in-docs
  • 347d544 Merge pull request #232 from brettz9/regexp-u-flags
  • 57add13 Merge pull request #231 from brettz9/doc-highlighting
  • 07948bd Merge pull request #230 from brettz9/package-lock
  • a147956 Merge pull request #228 from brettz9/fixable
  • f8141df Merge pull request #226 from cruzdanilo/master
  • bdad369 Merge pull request #227 from brettz9/patch-1

See the full diff

Package name: shelljs
The new version differs by 4 commits.
  • 70668a4 0.8.5
  • d919d22 fix(exec): lockdown file permissions (#1060)
  • fcf1651 0.8.4
  • a1111ee Silence potentially upcoming circular dependency warning (#973)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot, Jan 12 '22 16:01