New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade xo from 0.11.2 to 0.20.0 #741

Open

aliscco wants to merge 1 commit into master from snyk-fix-a2e2677818133603dc3d29d06cd2f155

Owner

aliscco commented Nov 29, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- tools/node_modules/eslint/node_modules/@babel/highlight/node_modules/color-convert/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: xo

The new version differs by 196 commits.

56d9891 0.20.0
a22e5dc 0.19.0
6245086 Disable `enforceForRenamedProperties` for `prefer-destructuring` ([Snyk] Security upgrade standard from 10.0.3 to 11.0.0 #297)
652a6e5 Remove deprecated `--compact` CLI flag ([Snyk] Security upgrade xo from 0.34.2 to 0.42.0 #293)
60fd100 Force bump dependencies
f1bb0a1 Bump `eslint-config-xo`
414ad2d Bump `eslint-plugin-unicorn`
552cbb1 Update globby to the latest version ([Snyk] Fix for 18 vulnerabilities #295)
6d8a93b Update URL to new org
9859dfb Set `ecmaVersion` to 2018
8526f2e Bump `eslint-plugin-node`
34dca07 Disable the `node/exports-style` rule
42e03f1 Disable the `node/no-unpublished-require/import` rules
61a85cf Revert JSDoc plugin ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #291)
07df074 Add related package to readme ([Snyk] Fix for 20 vulnerabilities #290)
78f621f Bump dependencies
c1f1be6 Add JSDoc plugin ([Snyk] Fix for 20 vulnerabilities #286)
0d18368 Enforce rules based on "engines" field in package.json ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #281)
b2e5428 Update eslint-plugin-unicorn ([Snyk] Fix for 16 vulnerabilities #287)
8ef54e0 Bump prettier to 1.10.2 ([Snyk] Security upgrade tap from 7.1.2 to 15.0.0 #284)
fdf051d Use globby gitignore handling ([Snyk] Fix for 6 vulnerabilities #283)
fd89175 Add optional Prettier support ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #271)
7c77af3 ✨ Welcome @ pvdlg to the project ✨
16fb8e2 Add eslint-plugin-node ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #268)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Privilege Management


          fix: tools/node_modules/eslint/node_modules/@babel/highlight/node_mod…

9ffb6b3

…ules/color-convert/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
- https://snyk.io/vuln/npm:lodash:20180130

github-actions bot added the tools label

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels