[Snyk] Security upgrade gh-badges from 1.3.0 to 2.0.0 #22

Open. Wants to merge 1 commit into base: master

@baby636 (Owner) commented Nov 30, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| critical severity | 704/1000 (Why? Has a fix available, CVSS 9.8) | Prototype Pollution, SNYK-JS-HANDLEBARS-534988 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gh-badges
The new version differs by 250 commits.
  • d0fe97d refactor [docker] service (#2263)
  • 4b88590 bump version (#2296)
  • 5dd4ee0 Start on the Github rewrite, with [GithubPullRequestCheckState] (#2253)
  • 2bc2450 Fix hex colors in static examples (#2295)
  • 3eac8eb Rework GitHub acceptor and move to its own module (#2021)
  • 02ec19f BaseService terminology: Rename `url` to `route` (#2278)
  • c0f9a88 Website: Tweak footer and usage (#2285)
  • e4e5628 Fix suggest on staging in Firefox (#2277)
  • c4af2ca Convert a bunch of URL formats to patterns (#2293)
  • ec65291 Bump simple-icons from 1.9.12 to 1.9.13 (#2294)
  • 804c4e4 Bump danger from 4.4.8 to 6.0.5 (#2291)
  • 291f35d Reduce duplication in badge regex/url patterns (#2279)
  • 611e58e Make a few github tests more reliable (#2292)
  • e240409 Bump prettier from 1.14.3 to 1.15.1 (#2289)
  • 57e4d82 Bump joi from 14.0.3 to 14.0.4 (#2267)
  • c600bf4 Bump node-fetch from 2.2.0 to 2.2.1 (#2276)
  • 9c658a1 fix [hexpm] validation (#2282)
  • 6199b1a add not found tests back in for [depfu hexpm requires] (#2281)
  • 33d5f8f round [wordpress] rating (#2283)
  • 5019d81 Add vso keyword to azure badges (#2274)
  • b19d6d0 refactor [bitbucket] service (#2261)
  • 88402dd Bump simple-icons from 1.9.10 to 1.9.12 (#2273)
  • c8ce4fa Bump nock from 10.0.1 to 10.0.2 (#2266)
  • 3bb392d Remove some duplicated URL generation code (#2240)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988