[Snyk] Security upgrade @npmcli/template-oss from 4.11.0 to 4.20.0 by leonardoadame · Pull Request #677 · leonardoadame/node

leonardoadame · 2024-02-12T01:00:33Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/node_modules/promzard/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @npmcli/template-oss

The new version differs by 78 commits.

7f86c5f chore: release 4.20.0
74331b4 fix: remove tap 16 specific config when using tap 18
17ea62d feat: add typescript and esm support
3fca74f fix: always lint all js-ish extensions
37e9e0e fix: use npx semver to better determine latest npm
ec65582 deps: bump @ commitlint/config-conventional from 17.8.1 to 18.1.0
c8420a6 deps: bump @ commitlint/cli from 17.8.1 to 18.2.0
f2521ed deps: bump @ npmcli/arborist from 6.5.0 to 7.2.1
8c20554 deps: bump @ npmcli/git from 4.1.0 to 5.0.3
f25926a deps: bump @ npmcli/package-json from 4.0.1 to 5.0.0
af30dbe deps: bump hosted-git-info from 6.1.1 to 7.0.1
0b59cd6 deps: bump npm-package-arg from 10.1.0 to 11.0.1
ea0e866 feat: update engines ([Snyk] Fix for 1 vulnerabilities #373)
2a8d79e docs: add note about semver and breaking changes ([Snyk] Fix for 1 vulnerabilities #372)
3e1792c fix: add suffix to template files ([Snyk] Fix for 1 vulnerabilities #362)
ebb48ec fix: add PR approval to auto publish flow ([Snyk] Fix for 1 vulnerabilities #368)
f065bcb fix: prefer upstream over origin when getting remote
29bf19d fix: Ignore transient tap test directories ([Snyk] Fix for 1 vulnerabilities #364)
cf286f5 chore: release 4.19.0
339c780 chore: fix resetting exit code in tests
994a278 feat: set ci versions from engines
de319e8 fix: allow overriding path to npm bin in workspaces
cad156a feat: set backport release from config instead of current branch
2a5e186 chore: release 4.18.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-6240864

bolt-new-by-stackblitz · 2024-02-12T01:00:36Z

Run & review this pull request in StackBlitz Codeflow.

fix: deps/npm/node_modules/promzard/package.json to reduce vulnerabil…

7a40fbf

…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-6240864

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade @npmcli/template-oss from 4.11.0 to 4.20.0#677

[Snyk] Security upgrade @npmcli/template-oss from 4.11.0 to 4.20.0#677
leonardoadame wants to merge 1 commit into
mainfrom
snyk-fix-e13ae3b9936a6619a8b12a8523c30f87

leonardoadame commented Feb 12, 2024

bolt-new-by-stackblitz Bot commented Feb 12, 2024

Labels

2 participants

Conversation