generator-lazy icon indicating copy to clipboard operation
generator-lazy copied to clipboard

Published 20 hours ago verified publisher icon soulteary

[Snyk] Security upgrade yeoman-generator from 0.20.3 to 0.21.0

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yeoman-generator The new version differs by 11 commits.
  • a00f88d 0.21.0
  • 11255c7 move `inquirer` to devDependencies
  • f8a5fc9 package.json tweaks
  • 891bee5 tweaks
  • 1c18348 bump deps and removed unused ones
  • 13a001d update address
  • a505ee5 Merge pull request #859 from andrewstuart/master
  • d872339 Update jsdoc to include readme.md for home page.
  • fdca8ab Update .travis.yml to run latest stable node
  • 4da1036 Merge pull request #857 from cybertk/patch-1
  • 9e31f6d Update inquirer to 0.9.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Oct 20 '20 05:10 snyk-bot