[Snyk] Fix for 7 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 | Yes | Proof of Concept |
| | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Validation Bypass SNYK-JS-KINDOF-537849 | Yes | Proof of Concept |
| | 479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
| | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-MIXINDEEP-450212 | Yes | Proof of Concept |
| | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-SETVALUE-1540541 | Yes | Proof of Concept |
| | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-SETVALUE-450213 | Yes | Proof of Concept |
| | 589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yeoman-environment
The new version differs by 250 commits.
- af27719 3.0.0
- 554971a Bump yeoman-generator to 5.0.0
- 07f6bed Let the generator calculate its own id.
- 7278483 3.0.0-rc.1
- 8e089ec Adjusts for backwards compatibility
- d420ab0 Catch error at runGenerator
- 887d32c Drop support for kebab case options.
- f29a2ea Drop arguments from Environment constructor.
- 48e942d Implement experimental cli
- 694583d Change conflicter constructor api.
- 5b88e8a Add progress bar to applyTransform.
- 13ef6d4 Adjusts to package-manager logs.
- bff0e87 Add cwd option to Conflicter
- 2e7195d Empty conflicter queue before continuing.
- 6dccc95 Increase Environment max listeners
- 71b70b1 Fix override every file answer.
- 3cb26e1 Change package-manager logs.
- 3e00c4b Implement support for singleton generator using identifiers.
- fbea0e8 Refactor namespace and import by default.
- 1db8db1 Bump peter-evans/create-pull-request from v3.8.1 to v3.8.2 (#269)
- 8a7ca93 3.0.0-rc.0
- 5a3a4ea Improve createYoResolveTransform
- 9805a00 Fixes to applyTransforms.
- 6923fca Add test for getConflicterStatusForFile
Package name: yeoman-generator
The new version differs by 250 commits.
- aad5fac 5.0.0
- 4f4a802 Add transform to expected priority.
- 57d240c Remove only from test.
- 812751f Lint fix
- 33d050f Implement getFeatures for singleton support.
- 99ac2c5 Add transform priority.
- 5136342 Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 (#1278)
- fa408bd Bump actions/stale from v3.0.15 to v3.0.16 (#1275)
- d7103f3 Drop reference from yeoman-test repository
- b36f294 Bump yeoman-environment to 3.0.0-rc.1
- ee0d1ad Hide shared options and drop support for kebab case options.
- 310f72d Fix spawn destinationRoot.
- 8f4afe9 Switch composeWith to use environment.
- e9d0a15 Remove support for chaining at composeWith.
- c2245e1 Switch from node 10 to 12 at Travis.
- 5be7b07 5.0.0-rc.0
- 8a448b4 Bump yeoman-environment to 3.0.0-rc.0
- 6d6c4b0 Changes to queueTransformStream
- 632d60d Add option to skip parsing options.
- 7050e53 Pass destinationRoot to spawn-command by default.
- 097cd20 Implement package-json mixin.
- 52c90a2 Add merge support to Storage.
- f4336d9 5.0.0-beta.1
- 1952724 Change version to 5.0.0-beta.0
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.