
[Snyk] Security upgrade clang-format from 1.2.3 to 1.7.0 #48


Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • tools/clang-format/package.json
    • tools/clang-format/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-ASYNC-2441827 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: clang-format

The new version differs by 33 commits.
  • fa4532a 1.7.0
  • 17ade50 feat: Win binary based on 596752863e27.
  • 53a23b8 feat: print the git hash.
  • 884663e feat: Mac & Linux binaries based on 596752863e27.
  • 750782b fix: update async from 1.5.2. to 3.2.3
  • 354dc49 chore: remove yarn.lock
  • 96ae673 feat: default to python3 in check-clang-format
  • 02ecb76 rel: 1.6.0
  • 3541fe6 feat: new binaries from 2021-11-05 (7af584ed87cc6eddb6adbc451c90fb8867469e06).
  • 6ac990d Adjust to master -> main renaming in upstream llvm.
  • 2026be6 rel: 1.5.0
  • 2541066 doc: fix build script for linux
  • e9075b5 Remove CircleCI leftovers.
  • 0e04d88 Set up Github Actions CI
  • eca4ddc build(deps): bump path-parse from 1.0.6 to 1.0.7
  • 00e71e4 Add package-lock.json for repeatable builds.
  • ea44b58 fix: fall back to darwin_x64 if available on darwin_arm64
  • 8692057 rel: 1.4.0
  • 30cf98e feat: new binaries.
  • f5b2fda build: do not use zlib on linux.
  • c506116 rel: 1.3.0.
  • 923f7e8 feat: binaries based on 3389658308187fd9b.
  • c28c014 build: update build.sh.
  • 4e075c1 refactor: verification of binary windows safe

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

…k.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827