[Snyk] Security upgrade netlify-cli from 2.21.0 to 15.1.1 #32

Open: wants to merge 1 commit into base: master

makbarGroup (Owner):
This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: netlify-cli

The new version differs by 250 commits.
  • 60cd3f8 chore(main): release 15.1.1 (#5730)
  • 79bafc9 fix(deps): update dependency ora to v6.3.1 (#5740)
  • 82abf15 fix(deps): update dependency dot-prop to v7 (#5737)
  • e41bd63 fix(deps): update dependency to-readable-stream to v4 (#5739)
  • c1845dc fix(deps): update dependency read-pkg-up to v9 (#5736)
  • 0e1e5d1 fix(deps): update netlify packages (#5735)
  • 89440ac fix(deps): update dependency @netlify/zip-it-and-ship-it to v9.6.0 (#5734)
  • 025206e fix(deps): update dependency env-paths to v3 (#5733)
  • 8b15932 fix(deps): update dependency configstore to v6 (#5732)
  • cfb217d fix(deps): pin dependencies (#5729)
  • e887779 chore(main): release 15.1.0 (#5726)
  • 586c525 feat: add support for streaming functions (#5725)
  • 13226a4 chore(main): release 15.0.3 (#5691)
  • 8349de4 fix: remove dependency `is-plain-obj` (#5702)
  • 769e345 chore: remove unused rewiremock (#5720)
  • 7688797 fix(deps): update dependency @octokit/rest to v19.0.8 (#5721)
  • ab06132 fix(templates): update dependency @types/node to v14.18.47 (#5722)
  • 736b66d chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#5625)
  • 021caf3 fix(deps): update dependency boxen to v7.1.0 (#5718)
  • c990845 fix(deps): update dependency semver to v7.5.1 (#5719)
  • 367af86 fix(deps): update dependency ora to v6.3.0 (#5717)
  • 9dc009a chore(deps): update vitest monorepo to v0.31.0 (#5716)
  • 3eae5ed fix(deps): pin dependencies (#5715)
  • ed54e69 chore(deps): pin dependencies (#5712)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
