New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 4 vulnerabilities #15

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-85a7d9902e2bcfdfa1450b11d76f4cf4

Contributor

snyk-bot commented Jun 17, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept

Commit messages

Package name: marked-man

The new version differs by 15 commits.

e86d65c Version 0.4.0
6749866 Version 0.3.1
eed325c Update output expectations
6b22398 Update test expectations
5bac7a8 Update test tool
6e8604d Port to markdown 0.5
9fb8328 marked is a peerDependency and update to 0.5
5e4b348 ugly hot fix, patch flag in instance
42e7fba set nowarn preserve long line in table warning
ceb2249 Use SOURCE_DATE_EPOCH if available in the environment.
be85589 Update to resolve issue between marked and marked-man
90ddb44 Version 0.3.0
26622f8 Document --date timestamp
376c4dc Document change
a63a8ff Accept timestamp as --date option

See the full diff

Package name: mkdirp

The new version differs by 4 commits.

b2e7ba0 0.5.2
c5b97d1 bump minimist to 1.2 to fix security issue
f2003bb test: add v4 and v5 to travis
b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution npm:extend:20180424	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

2bfdefe

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:extend:20180424

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet