[Snyk] Security upgrade node-notifier from 5.4.3 to 9.0.0 #59

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 566/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.6) | Command Injection, SNYK-JS-NODENOTIFIER-1035794 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-notifier
The new version differs by 86 commits.
  • 6b42cb3 v9.0.0
  • 2ce6354 Adds note on WSL2 as per #353
  • 91b026d Merge pull request #351 from volovikariel/master
  • 7675d79 Fixed a typo in Readme
  • 2d3927b patch: fixes possible injection issue for notify-send
  • 6cd6cb9 Merge pull request #348 from rosvik/master
  • e55bd8f Merge pull request #347 from Ssredna/fix-click-event
  • cabcf80 Add metadata parameter to example in README
  • 377b4d4 fix: fixes mapping on snoretoast activate event, fixes #291
  • 1c9d956 Merge pull request #342 from JeroenOnstuimig/patch-1
  • 8c0355c Fix named pipe in WSL
  • 3006e5a Updates lock file
  • c374fe1 v8.0.0
  • 25ffe15 Bumps dependencies
  • ee7916a Merge pull request #341 from mikaelbr/timeoutNotifySend
  • e3decb2 Updates documentation
  • 860c06e feat: implements proper timeout/wait behaviour for notify-send
  • 1c74ea9 v7.0.2
  • 6aa137e Removes node 8 from ci
  • ff6ae61 Updates changelog to v7.0.2
  • 3f4a4ce Updates eslint configs to allow dangling comma
  • 3e5e194 Updates all dependencies
  • 91d6949 Merge pull request #329 from charlesnchr/master
  • 29b99f2 Merge pull request #335 from JasonGore/fix-disabled-hang

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
