Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade pm2 from 4.3.0 to 4.5.6 #330

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade pm2 from 4.3.0 to 4.5.6 #330

wants to merge 1 commit into from

Conversation

vyakymenko
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 823/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6		 Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: pm2 The new version differs by 77 commits.
  • 1d81757 pm2@4.5.6
  • a6a52dc pm2@4.5.5
  • 5e18920 pm2@4.5.4
  • b743ce0 pm2@4.5.3
  • 88b5ab4 pm2@4.5.2
  • cc9714c bump copyright years
  • 64f8ea0 pm2@4.5.1
  • c0372a8 prepare 4.5.1
  • 56ffa13 upgrade debug
  • 452cc85 upgrade systeminformation
  • f376825 feat: restore --sort option on pm2 ls #4536
  • 2f61ddb fix: cron-restart in cluster mode + alias --cron to --cron-restart fix #4834 #4733 #4307 #4834
  • 0b56e72 Merge branch 'master' into development
  • 2ba6dff Merge pull request #4892 from AdamMajer/fix_npm7_devel
  • f830d5f Merge pull request #4897 from Glyphack/patch-2
  • d13e4a3 test against Node 15.x
  • 94615fb Update systeminformation package to 4.27.11
  • 25b7ccd tests: fix tests with npm7
  • 73a4eaf [ci skip] bump readme
  • 49f1871 pm2@4.5.0
  • 3e004dc add udp client/server example + fix typo
  • 310d68d pm2@4.5.0 - testing phase
  • 7f11906 Merge pull request #4681 from guard43ru/development
  • 108ddea Merge pull request #4741 from getsnoopy/fix-unit-test-script

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Server-side Request Forgery (SSRF)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vyakymenko @snyk-bot