[Snyk] Security upgrade @atomist/sdm-core from 1.0.0-RC.2 to 1.5.0 #110

Open
wants to merge 1 commit into
base: master

@Fkherif Fkherif commented Jun 24, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 556/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.4) | Open Redirect, SNYK-JS-GOT-2932019 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @atomist/sdm-core
The new version differs by 250 commits.
  • c371c3d Version: increment after 1.5.0 release
  • 81fb6cb Autofix: Third party licenses
  • b1f524c Update client and sdm
  • f69a80e Rollback breaking API change
  • 3b4692c Fix typo in package.json
  • c2cae95 Autofix: TypeScript imports
  • 822be7e Delint
  • 23c1135 Support printf style syntax in ProgressLog.write
  • bf9c757 Autofix: Third party licenses
  • a5917cd Changelog: 50c8c96 to added
  • 50c8c96 Add delete and list to PreferenceStore api
  • 8de1904 Add author to push fields fragment
  • dde8310 Autofix: Third party licenses
  • 4976bd4 Update to use latest statsd support
  • 6c58041 Add missing lodash import
  • 1f3d87b Get branch name from pushes
  • 9c92677 Autofix: Third party licenses
  • aaad000 Delint
  • 2c701d5 Changelog: #140 to changed, deprecated
  • f59aa0a Auto merge pull request #140 from atomist/sdm-core
  • 4f68056 Switch over to TeamConfiguration for sdm preferences
  • 01c5a63 Autofix: Third party licenses
  • 9611ecb Changelog: #147 to deprecated, changed
  • 0bb3646 Deprecates deployer and artifact usage (#147)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
View latest project report

Adjust project settings

Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

Open Redirect

2 participants