MMM-OnScreenMenu
MMM-OnScreenMenu copied to clipboard
[Snyk] Security upgrade pm2 from 2.10.4 to 4.3.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
![]() |
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: pm2
The new version differs by 250 commits.- 9ee8a0f [email protected]
- 956afe7 [email protected]
- 851c44c update changelog
- 03d0b28 Merge pull request #4662 from Timic3/fix/common-module-import
- d8a6d38 bump pm2-deploy
- 4d1aedf throttle cron test
- 8fae340 bump vizion
- b097dc2 pkg.json version bump
- 7a5da59 drop date-fns
- 195eb6e drop lodash lib
- 526756d 4.3.0
- 7323438 Add .cjs (common JS) as a viable extension
- d5d7f7b bump lodash
- 22b29a2 disable s390x testing for now
- 03f09ef filter_env to skip local env variables #4596
- 23c1e0d Merge branch 'master' into development
- 00c353c Merge pull request #4517 from bvsubhash/namespace-logs
- a016999 Merge pull request #4518 from bvsubhash/trigger-namespace-or-all
- bf582e1 Merge pull request #4561 from codpot/fix-disabling-logs
- 69984f0 chore fix schema.json
- bb67e0b Merge pull request #4589 from linux-on-ibm-z/s390x-travisCI
- 45db453 Merge pull request #4593 from adunkey/master
- e94cde8 Merge pull request #4615 from kevindoveton/development
- 73f8f4f Merge pull request #4629 from jlvcm/patch-2
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons: