[Snyk] Security upgrade standard from 10.0.3 to 14.3.2 #9

Open
wants to merge 1 commit into
base: master

snyk-bot
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: standard
The new version differs by 250 commits.
  • 558df00 14.3.2
  • a8e318e Add changelog entry for 14.3.2
  • 133a4c9 Merge pull request #1492 from standard/eslint68
  • a2df23b Upgrade ESLint to 6.8.x
  • fb7e2a3 remove sponsor
  • ecda198 Update README.md
  • 4bc1671 Update README.md
  • e514626 add sponsor
  • 2b86c68 spacing
  • a702d2e Reposition CodeFund sponsorship link (#1446)
  • a28b5d0 Reposition CodeFund sponsorship link
  • 0f86fb9 Merge pull request #1445 from ZY2071/master
  • b4726d7 perf: Change the examples for rule 'No octal literals' .
  • 4bdaa2f perf: make the rule 'No octal literals' more specific.
  • f5d758e Update README-ja.md for d901c54 (#1435)
  • be249c3 Update README-ja.md for d901c54
  • cfb84fa Update README.md with working Typescript setup (#1434)
  • f4d3113 Update links to correct organization in README (#1433)
  • d901c54 Update README.md with working Typescript setup
  • 809e78a Update README-ja.md for 3e6b299 (#1432)
  • 91bc8fb Update README-ja.md for 3e6b299
  • 3e6b299 Update README.md
  • d5c7ded Add CodeFund sponsorship message to README (#1425)
  • c4f168e fix typo (#1423)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
derhuerst added the "breaking" (breaking change) label on Jan 27, 2022