Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade cacache from 12.0.4 to 13.0.0 #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade cacache from 12.0.4 to 13.0.0 #31

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-Y18N-1021887		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: cacache The new version differs by 42 commits.
  • 63ef08d chore(release): 13.0.0
  • e1f7f9f chore(deps): use published ssri v7
  • f2269d5 chore: replace fs streams with fs-minipass
  • 8261004 chore(deps): update minipass and ssri
  • aa0e188 test: no need to call nyc directly
  • 60fdfef chore(deps): update minipass and minipass-pipeline
  • 1cbb72b Remove spanish language readme
  • 4fb46d4 chore: add CODEOWNERS github metadata
  • bb7d495 chore: remove funding.yaml
  • 5cc987e test(memoization): Remove redundant if statement
  • 6c1b313 chore: patch updates to several dependencies
  • 1516ee2 chore: update chownr
  • 4a0d68c chore: remove mississippi
  • f4c0962 feat: replace all streams with Minipass streams
  • a6545a9 feat(deps): Add minipass and minipass-pipeline
  • dc8e17b chore: npm audit fix updates
  • 5d9c602 chore: bump tap dep
  • f21dc10 chore(travis): Drop node 6, add node 12
  • be8e12a test(util): Added tests for tmp.fix
  • 2363295 chore(readme): Cleaned up readme
  • 28a9373 chore(disposer): Wrapped up disposer into an util function
  • ffe6c72 chore(disposer): Update disposer to reject on failure
  • 9b1113d chore(test): Added additional test to get
  • 9d3eaec chore(test): Adding test coverage

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

πŸ‘©β€πŸ’» Set who automatically gets assigned

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot