Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade ava from 1.4.1 to 6.0.0 #1730

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade ava from 1.4.1 to 6.0.0 #1730

wants to merge 1 commit into from

Conversation

aliscco
Copy link
Owner

@aliscco aliscco commented May 14, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node_modules/ora/node_modules/supports-color/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ava The new version differs by 250 commits.
  • cf7a288 6.0.0
  • af5684d Don't force-exit after tests have completed
  • 88e4333 Update dependencies & other minor tweaks
  • cac1d1f Tweak README
  • 0492d32 Fix external assertions tests for Node.js 21
  • adbfcde Experimentally expose internal events for custom reporters
  • 6790d50 Update memoize dependency
  • e07179b Remove ability to select AVA 5 watcher
  • cf0fa4c Update dependencies, rely on Node.js 18, other small changes
  • 03a6723 Drop Node.js 16, upgrade minimal 18 and 20, test 21
  • b6fbd58 Make assertions throw
  • c792f10 Fix type tests for t.assert()
  • 0d7bbd5 Fix typo in common pitfalls doc
  • e81f413 Allow throws / throwsAsync to work with any value, not just errors
  • 4c5b469 Refactor error processing
  • e27183a Make `assert`, `truthy` and `falsy` typeguards
  • e58f466 Only treat native errors as errors
  • f2726f1 Update TypeScript recipe for mocks, Node.js 20
  • f047694 Remove p-event dependency
  • 7533020 Remove workaround for worker.terminate() crashes
  • 10e2e8a Add t.timeout.clear() to restore default behavior
  • 5a9a627 Make test-types work with tsc and XO
  • 6ca0f1c Pro-actively write out code coverage
  • 018d64f Test AVA using AVA 5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@aliscco @snyk-bot