Skip to content

[Snyk] Security upgrade npm-check-updates from 10.2.5 to 15.0.0

Chet Manley requested to merge snyk-fix-1a36a035a7888112419faff798a09aa8 into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795 		Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm-check-updates The new version differs by 250 commits.
  • 67ca579 15.0.0
  • 4a60328 Update CHANGELOG with v15 release notes.
  • 458cd6b Bump dependencies
  • c98156d Bump version of update-notifier (#1150)
  • e445722 Fix Yarn detection when using workspaces, fix `.yarnrc.yml` loading (#1148)
  • c81980c 14.1.1
  • 470aa95 Use prompts-ncu in npm registry rather than github branch (#1146).
  • 1c2192a 14.1.0
  • 1d9ed15 Improve interactive mode (#1141)
  • a64c50b Fix doctor help text formatting in test.
  • 3b42a2a Automatically mention extended help text in description if it exists.
  • 19e27cb Consolidate doctor help text.
  • 9d65860 Improve --packageManager help text. Automate word wrap in extended help.
  • 8512d66 Static registry (#1143)
  • a638997 Add isGlobalDeprecated for better --global handling (#1144)
  • d7df151 Add --format group option to group by major, minor, patch, and non-semver.
  • 2783e1f Use rows in cli-table constructor instead of mutating push.
  • 4ebf32a Add extended help to --format option.
  • 49a91c3 Validate options with choices property.
  • 92c4aa7 14.0.1
  • 222ebc9 Do not pass Options as NpmOptions. Fixes regression in 3f28ecd. #1140
  • e239cc3 README
  • 3f4418c 14.0.0
  • 0b9dedc Add target=@[dist-tag] option support (#1134)

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Merge request reports