Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade exegesis from 1.0.1 to 2.5.7 #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade exegesis from 1.0.1 to 2.5.7 #4

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 676/1000
Why? Recently disclosed, Has a fix available, CVSS 7.8		 Arbitrary Code Execution
SNYK-JS-JSONPTR-1297099		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: exegesis The new version differs by 250 commits.
  • e53dcca fix: Upgrade json-schema-traverse and openapi3-ts to new major versions.
  • 4fa005f fix: Upgrade json-ptr to fix security issue.
  • 9065068 chore: Fix husky.
  • 3fb0bcf ci: Upgrade to dependabot native.
  • f4882a4 Merge pull request #254 from exegesis-js/dependabot/npm_and_yarn/lint-staged-11.0.0
  • c048da3 chore(deps-dev): bump lint-staged from 10.5.4 to 11.0.0
  • 57a5922 Merge pull request #240 from exegesis-js/dependabot/npm_and_yarn/husky-6.0.0
  • 4726303 chore(deps-dev): bump husky from 5.2.0 to 6.0.0
  • 619fd17 Merge pull request #226 from exegesis-js/dependabot/npm_and_yarn/markdownlint-cli-0.27.0
  • affbd45 chore(deps-dev): bump markdownlint-cli from 0.26.0 to 0.27.0
  • e210bc8 Merge pull request #217 from exegesis-js/dependabot/npm_and_yarn/husky-5.0.9
  • 9fced45 chore(deps-dev): bump husky from 4.3.8 to 5.0.9
  • 215c96c Merge pull request #212 from chuve/patch-1
  • 92f6f63 Update Exegesis Plugins.md
  • a509385 Merge pull request #198 from exegesis-js/dependabot/npm_and_yarn/markdownlint-cli-0.26.0
  • 5b20c08 chore(deps-dev): bump markdownlint-cli from 0.25.0 to 0.26.0
  • 16481ba Merge pull request #191 from rjray/patch-1
  • e8033a4 Update OAS3 Security.md
  • 44a2c60 Merge pull request #190 from chuve/patch-1
  • 5ff261f Fix wrong link to customErrorHandler.ts
  • 1bf4037 Merge pull request #185 from exegesis-js/dependabot/npm_and_yarn/markdownlint-cli-0.25.0
  • 61d8123 chore(deps-dev): bump markdownlint-cli from 0.24.0 to 0.25.0
  • d2b4993 Merge pull request #174 from exegesis-js/dependabot/npm_and_yarn/markdownlint-cli-0.24.0
  • bc935ea chore(deps-dev): bump markdownlint-cli from 0.23.2 to 0.24.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@coveralls
Copy link

coveralls commented May 28, 2021
edited
Loading

Pull Request Test Coverage Report for Build 13

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 100.0%
Totals Coverage Status
Change from base Build 1: 0.0%
Covered Lines: 8
Relevant Lines: 8
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@snyk-bot @coveralls