[Snyk] Security upgrade update-notifier from 2.5.0 to 6.0.0 by sirinartk · Pull Request #176 · sirinartk/react

sirinartk · 2022-06-24T04:30:41Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/react-devtools/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: update-notifier

The new version differs by 42 commits.

311557e 6.0.0
9183541 Require Node.js 14 and move to ESM
3fdb218 5.1.0
73c391b Upgrade dependencies
0a6027e Move to GitHub Actions
d8fa601 Rename `master` branch to `main`
f63b2eb 5.0.1
9e2b772 Update dependencies
da7c464 5.0.0
5b440c2 Require Node.js 10
3dfe42d Don't suggest to upgrade to lower version ([Snyk] Security upgrade electron from 5.0.13 to 18.3.11 #192)
132b7ce Remove a project from "Users" section ([Snyk] Security upgrade electron from 5.0.13 to 18.3.12 #191)
c9d2166 4.1.1
f42fc8f Improve vertical alignment of the notifier output ([Snyk] Security upgrade node-fetch from 1.6.3 to 3.2.10 #183)
71a3f19 Use HTTPS links
64c5236 Fix Travis
9d9f4ff 4.1.0
4062f12 Update dependencies
adbeb6e Add template support for the `message` option ([Snyk] Security upgrade lighthouse from 3.2.1 to 9.3.0 #175)
adf7803 4.0.0
fb5161c Remove the `callback` option ([Snyk] Fix for 2 vulnerabilities #158)
39682de Rename `boxenOpts` option to `boxenOptions`
bc1721a Avoid showing notification if current version is the latest ([Snyk] Security upgrade electron from 5.0.13 to 15.5.6 #174)
ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GOT-2932019

fix: packages/react-devtools/package.json to reduce vulnerabilities

37385dd

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GOT-2932019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade update-notifier from 2.5.0 to 6.0.0#176

[Snyk] Security upgrade update-notifier from 2.5.0 to 6.0.0#176
sirinartk wants to merge 1 commit intomasterfrom
snyk-fix-d1c4581240c9d06e6c286a13f97d9544

sirinartk commented Jun 24, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

sirinartk commented Jun 24, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants