[Snyk] Security upgrade @atomist/automation-client from 1.0.0-RC.2 to 1.7.0 #113

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 584/1000 (Why? Has a fix available, CVSS 7.4) | Regular Expression Denial of Service (ReDoS), SNYK-JS-HAWK-2808852 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @atomist/automation-client
The new version differs by 250 commits.
  • 8eaf062 Version: increment after 1.7.0 release
  • 9f18d79 Drop previous configuration
  • a4fa098 Improve watch startup message
  • d7c6b0b Don't overwrite when thread_ts isn't set
  • 12b2f19 Changelog: b782039 to fixed
  • b782039 Fix threaded messages for responses
  • 16b438f Autofix: Third party licenses
  • 98a36f2 Fix package-lock.json
  • 51ca4f0 Update NPM package version to 1.7.0
  • b12913b Make sure parameters, mapped parameters and secrets are unique
  • 2743b09 Autofix: Third party licenses
  • 7665704 Changelog: #597 to added
  • 0a2a4fb Auto merge pull request #597 from atomist/automation-client
  • 0d63282 Add support code reloading during development
  • 096e4dc Autofix: Third party licenses
  • 46ea6cc Upgrade to TypeScript 3.6.2
  • b245b4b Autofix: Third party licenses
  • f771abf Changelog: #595 to changed
  • 486dec7 Auto merge pull request #595 from atomist/automation-client
  • 5d243d7 Changelog: #593 to changed
  • 4dbc743 Auto merge pull request #593 from atomist/automation-client
  • ea318bb Autofix: tslint
  • 781cf74 Changelog: #592 to fixed
  • eb33e66 Route continuation directly onto the WS


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
