[Snyk] Security upgrade nodemon from 2.0.2 to 2.0.3 #6

2020-04-09T05:59:04Z

argoyle commented

2020-04-09 05:59:04 +00:00

(Migrated from gitlab.com)

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this Merge Request

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- yarn.lock

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept

Check the changes in this Merge Request to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

<h3>Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.</h3> As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. #### Changes included in this Merge Request - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - yarn.lock #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Issue | Breaking Change | Exploit Maturity :-------------------------:|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | Prototype Pollution <br/>[SNYK-JS-DOTPROP-543489](https://snyk.io/vuln/SNYK-JS-DOTPROP-543489) | No | Proof of Concept Check the changes in this Merge Request to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/argoyle/project/f96fae43-9d96-4b62-a5ae-34e2734c0893) 🛠 [Adjust project settings](https://app.snyk.io/org/argoyle/project/f96fae43-9d96-4b62-a5ae-34e2734c0893/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://snyk.io/docs/fixing-vulnerabilities/) [//]: # (snyk:metadata:{"prId":"6a23121d-bc83-4923-9407-880b09ad5dc8","dependencies":[{"name":"nodemon","from":"2.0.2","to":"2.0.3"}],"packageManager":"yarn","projectPublicId":"f96fae43-9d96-4b62-a5ae-34e2734c0893","projectUrl":"https://app.snyk.io/org/argoyle/project/f96fae43-9d96-4b62-a5ae-34e2734c0893?utm_source=gitlab&utm_medium=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-DOTPROP-543489"],"upgrade":["SNYK-JS-DOTPROP-543489"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title"]})

argoyle commented

2020-04-09 06:08:20 +00:00

(Migrated from gitlab.com)

added 1 commit

ee97d6cd - chore: update to latest build-tools

Compare with previous version

added 1 commit <ul><li>ee97d6cd - chore: update to latest build-tools</li></ul> [Compare with previous version](/unboundsoftware/shiny/auth0mock/-/merge_requests/1/diffs?diff_id=84521285&start_sha=1db0440a3c6723e785a16a7b766be37ebde69541)

argoyle commented

2020-04-09 06:12:09 +00:00

(Migrated from gitlab.com)

mentioned in commit 4ad69204d5

mentioned in commit 4ad69204d501a4d7da1148889b45820c6d384b6f

argoyle commented

2020-04-09 06:12:09 +00:00

(Migrated from gitlab.com)

merged

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: unboundsoftware/auth0mock#6