Skip to content

Comments

[Snyk] Fix for 2 vulnerabilities#17

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-75c0f740183b0f7cd0fb8975aae71592
Open

[Snyk] Fix for 2 vulnerabilities#17
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-75c0f740183b0f7cd0fb8975aae71592

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented May 18, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVERREGEX-2824151		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: semantic-release The new version differs by 250 commits.
  • 52238cb fix(deps): Require find-versions ^4.0.0 (#1722)
  • af596a9 docs: semantic-release SVG logo (#1715) thanks @ bromso
  • 6c7e4be docs: add semantic-release-helm plugin (#1713)
  • c177d4b docs: add semantic-release-pypi plugin (#1707)
  • eb70823 docs: add semantic-release-license-plugin (#1701)
  • 885d87a feat(docs): note that publish token is required (#1700)
  • f8f8fbc fix: escape uri encoded symbols (#1697)
  • c8d38b6 style: removed line breaks to align with xo rule (#1689)
  • ca90b34 fix: mask secrets when characters get uri encoded
  • 63fa143 docs(plugins): add listing for new plugin (#1686)
  • 2bf3771 fix: use valid git credentials when multiple are provided (#1669)
  • 77a75f0 fix: don't parse port as part of the path in repository URLs (#1671)
  • d74ffef docs: add npm-deprecate-old-versions in plugins list (#1667)
  • 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"
  • b8fb35c feat: throw an Error if package.json has duplicate "repository" key (#1656)
  • 18e35b2 docs: reorder default plugins list (#1650)
  • e35e5bb docs(contributing): fix commit message examples (#1648)
  • 311c465 docs(README): welcome @ travi, add alumni section
  • b4c5d0a fix: add logging for when ssh falls back to http (#1639)
  • c982249 docs(contributing): typo fix (#1638)
  • 9635f50 docs: improve github actions recipe on git plugin (#1626)
  • d036a89 ci(docs): use actions/checkout@v2 (#1620)
  • 9303d1d docs(resources.md): added more sematnic release article (#1610)
  • b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot