[Snyk] Security upgrade npm-check-updates from 10.2.5 to 12.0.1
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 644/1000. Why? Has a fix available, CVSS 8.6 | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
|  | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning SNYK-JS-QS-3153490 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: npm-check-updates
The new version differs by 250 commits.
- 3ba8472 12.0.1
- 950d6df fix: getPeerDependencies uses correct relative path
- 7d1f93c Don't include deprecated versions when using yarn package manager (#987)
- c164b44 buildReadme.js: remove unused variables (#985)
- a1de371 Update dependencies (#983)
- a765195 package.json: remove the deprecated `preferGlobal`
- dc5f3c8 Exclude test files from the npm package
- 5218266 Update CI config (#980)
- e153ab2 12.0.0
- 017269d Add v12 to CHANGELOG.
- 6ac57c8 Upgrade node engine in package-lock.
- f1d6a2d Build README
- 7b2b38a 12.0.0-1
- e9aa452 Fix upgradeGithubUrl.
- be11baa Bump node engine to v12
- 0a941a5 Remove explicit types field in package.json.
- b03d3bb Fix typescript errors.
- 4a4fdad lint
- e466ea9 README
- e6d1a9a 12.0.0-0
- 6b0bd3f Rename VersionDeclaration to VersionSpec.
- d8763f1 .ncurc comment
- 54b797e Use PATH in tests to use local yarn rather than NCU_TESTS. Add missing license fields.
- 0aea47c Bump dependencies
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.