Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade ava from 2.4.0 to 6.0.0 #1715

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade ava from 2.4.0 to 6.0.0 #1715

wants to merge 1 commit into from

Conversation

aliscco
Copy link
Owner

@aliscco aliscco commented May 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node_modules/strip-ansi/node_modules/ansi-regex/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ava The new version differs by 250 commits.
  • cf7a288 6.0.0
  • af5684d Don't force-exit after tests have completed
  • 88e4333 Update dependencies & other minor tweaks
  • cac1d1f Tweak README
  • 0492d32 Fix external assertions tests for Node.js 21
  • adbfcde Experimentally expose internal events for custom reporters
  • 6790d50 Update memoize dependency
  • e07179b Remove ability to select AVA 5 watcher
  • cf0fa4c Update dependencies, rely on Node.js 18, other small changes
  • 03a6723 Drop Node.js 16, upgrade minimal 18 and 20, test 21
  • b6fbd58 Make assertions throw
  • c792f10 Fix type tests for t.assert()
  • 0d7bbd5 Fix typo in common pitfalls doc
  • e81f413 Allow throws / throwsAsync to work with any value, not just errors
  • 4c5b469 Refactor error processing
  • e27183a Make `assert`, `truthy` and `falsy` typeguards
  • e58f466 Only treat native errors as errors
  • f2726f1 Update TypeScript recipe for mocks, Node.js 20
  • f047694 Remove p-event dependency
  • 7533020 Remove workaround for worker.terminate() crashes
  • 10e2e8a Add t.timeout.clear() to restore default behavior
  • 5a9a627 Make test-types work with tsc and XO
  • 6ca0f1c Pro-actively write out code coverage
  • 018d64f Test AVA using AVA 5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

This was referenced May 14, 2024
Open
Open
Open
Open
This was referenced May 21, 2024
Open
Open
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aliscco @snyk-bot