[Snyk] Security upgrade meow from 7.0.1 to 8.0.0 #161

snyk-bot · 2021-03-26T08:58:46Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: meow

The new version differs by 13 commits.

a1f5f0f 8.0.0
1b3d9ee Upgrade dependencies
ef7ae5d Gracefully handle package.json not being found (build(deps): bump normalize-url from 4.5.0 to 4.5.1 #167)
49ce74d Make `isMultiple` non-greedy (build(deps): bump y18n from 4.0.0 to 4.0.1 #162)
14924de Default `isMultiple` to empty array (build(deps): bump handlebars from 4.5.3 to 4.7.7 #163)
dc7dae4 7.1.1
71d640e Fix compatibility with `vercel/ncc` (build(deps): bump ini from 1.3.5 to 1.3.7 #159)
ebe00a1 7.1.0
e38789f Improve flags types to acknowledge `isMultiple` and `isRequired` options ([Snyk] Fix for 1 vulnerabilities #154)
fa2a374 Fix typo
629af48 Update `minimist-options` and remove type coercion patch (Add support for air quality index #152)
1c251e8 Rename `yargs` to `parseArguments` (Project name error #149)
20f6e85 Rename `camelcase` to `camelCase` (build(deps): bump eslint-utils from 1.4.0 to 1.4.2 #151)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355

coveralls · 2021-03-26T08:59:57Z

Coverage remained the same at 68.293% when pulling a4abcd5 on snyk-fix-db0b2bac5258b29679637a44f5432bbd into 24e4e8d on master.

fix: package.json & package-lock.json to reduce vulnerabilities

a4abcd5

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355

riyadhalnur approved these changes Mar 26, 2021

View reviewed changes

riyadhalnur merged commit faecc9f into master Mar 26, 2021

riyadhalnur deleted the snyk-fix-db0b2bac5258b29679637a44f5432bbd branch March 26, 2021 18:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade meow from 7.0.1 to 8.0.0 #161

[Snyk] Security upgrade meow from 7.0.1 to 8.0.0 #161

snyk-bot commented Mar 26, 2021

coveralls commented Mar 26, 2021

[Snyk] Security upgrade meow from 7.0.1 to 8.0.0 #161

[Snyk] Security upgrade meow from 7.0.1 to 8.0.0 #161

Conversation

snyk-bot commented Mar 26, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

coveralls commented Mar 26, 2021