cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon snyk

[Snyk-dev] Security upgrade inquirer from 1.0.3 to 3.2.0

Open snyk-bot opened this issue 2 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/fixtures/qs-package/node_modules/snyk/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: inquirer The new version differs by 92 commits.
  • 68fcbcb 3.2.0
  • e16575c Bump dependencies
  • 3f2c74b fix(package): update chalk to version 2.0.0
  • 2e9eb3e Allow non-string values as a list default option (#558)
  • 5dbd186 [fix] #293 Exit script when SIGINT signal received (#564)
  • 625965e Fixed typo (#563)
  • babdfb2 Add Plugins Section to README.md (#559)
  • 810c138 fix(package): update strip-ansi to version 4.0.0
  • 13d3100 3.1.1
  • 60b27f0 Setup coverage in codacy
  • 62fde13 Bump dev dependencies
  • 3f465b4 Move eslint configs to own file (easier to integrate in third party)
  • 948f8dc Keep password prompt silenced after error - Fix #553 #546
  • 11f5854 chore(package): update sinon to version 2.3.4 (#550)
  • e612cc5 3.1.0
  • 148cb71 Update eslint-config-xo-space to the latest version 🚀 (#516)
  • 3b93dd5 call chalk.reset() after message prompt (#544)
  • 3ff39a6 chore(package): update chai to version 4.0.1 (#541)
  • 76f1bfe upgrade external-editor to 2.0.4 (#535)
  • da4eceb pass current answers hash to filter (#533)
  • f99b398 Use rx-lite-aggregates instead of full rx (#532)
  • 20119a2 fix(package): update ansi-escapes to version 2.0.0 (#527)
  • e294e16 Update validate fn param docs (#526)
  • 5b3a4a2 Add masked password example

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

snyk-bot avatar Jul 27 '22 18:07 snyk-bot

Warnings
:warning:

"fix: test/fixtures/qs-package/node_modules/snyk/package.json to reduce vulnerabilities" is too long. Keep the first line of your commit message under 72 characters.

Generated by :no_entry_sign: dangerJS against 1380b3b5f7c4f975e1e5ecceba3e2294eba453dd

github-actions[bot] avatar Jul 27 '22 18:07 github-actions[bot]