[Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #681

aliscco · 2023-11-28T21:32:09Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- tools/node_modules/eslint/node_modules/color-convert/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: xo

The new version differs by 179 commits.

ab16df2 0.42.0
de55a03 Upgrade dependencies
34800b7 Upgrade `globby` ([Snyk] Fix for 1 vulnerabilities #574)
f81e933 Re-enable `import/newline-after-import` rule
47af93e 0.41.0
af93e79 Upgrade dependencies
0733cc5 Fix code style ([Snyk] Security upgrade eslint from 5.16.0 to 7.0.0 #570)
ab17a3c Lint `.cjs` files in codebase ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #569)
0a752c7 Update dependencies ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #568)
41c8f39 Convert project to module ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #566)
b3c5e15 Fix typo ([Snyk] Fix for 1 vulnerabilities #567)
2ef9f22 Prevent the `useEslintrc` option from being used ([Snyk] Security upgrade jest from 24.9.0 to 25.0.0 #565)
41f0484 0.40.3
374dd73 Support `xo.config.cjs` and `.xo-config.cjs` ([Snyk] Security upgrade eslint from 6.8.0 to 7.0.0 #561)
3e7b77c Remove some needless imports ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #560)
6adf459 Remove `update-notifier`
b6389ef 0.40.2
7ace6e5 Fix handling of `parserOptions` for TypeScript ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #557)
7629ce0 0.40.1
d2c5750 Properly resolve base config ([Snyk] Fix for 1 vulnerabilities #545)
e9c96a1 Properly handle `parserOptions` ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #544)
8e1801c Avoid destructuring and just build the expected object once ([Snyk] Security upgrade xo from 0.27.2 to 0.41.0 #538)
4cfdc72 Fix CI
56be018 0.40.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

…n to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

fix: tools/node_modules/eslint/node_modules/color-convert/package.jso…

bea8276

…n to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

github-actions bot added the tools label Nov 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #681

[Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #681

aliscco commented Nov 28, 2023

[Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #681

Are you sure you want to change the base?

[Snyk] Security upgrade xo from 0.24.0 to 0.42.0 #681

Conversation

aliscco commented Nov 28, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: