New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade smee-client from 1.2.2 to 1.2.3 #10

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-e68bdfb335a615c77ce6bf48e3428ce0

snyk-bot commented Aug 19, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: smee-client

The new version differs by 16 commits.

587e09c 1.2.3
9d5cfea update types
2c5da9a Merge pull request An in-range update of aws-sdk is breaking the build 🚨 all-contributors/app#193 from probot/bump-deprecations
513a89a fix import syntax
5788835 update superagent and eventsource
c4babe8 Merge pull request feat: added function to overwrite incorrect data with know data all-contributors/app#186 from probot/dependabot/npm_and_yarn/url-parse-1.5.10
5337b42 Merge pull request Update probot to the latest version 🚀 all-contributors/app#190 from probot/dependabot/npm_and_yarn/minimist-1.2.6
cf61cdb Merge pull request fix: raise maximum content file limit to 15 all-contributors/app#183 from probot/dependabot/npm_and_yarn/ajv-6.12.6
4b4416e Bump minimist from 1.2.5 to 1.2.6
ba8a177 Bump url-parse from 1.5.3 to 1.5.10
6f62dc9 Bump ajv from 6.10.0 to 6.12.6
46b77e9 Bump pathval from 1.1.0 to 1.1.1 (Revert "feat: support commit comments" all-contributors/app#182)
604a366 fix: dependency updates (feat: support commit comments all-contributors/app#180)
64e0e4c Bump tmpl from 1.0.4 to 1.0.5 (docs: contributing slack all-contributors/app#173)
ac4fe48 Bump y18n from 4.0.0 to 4.0.1 (fix(Analytics): use event properties correctly all-contributors/app#164)
4da70a6 build(package): simplify repository fields

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.


          fix: package.json to reduce vulnerabilities

ff960aa

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet