[Snyk] Security upgrade get-latest-version from 1.0.1 to 5.0.0 #144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

duluca wants to merge 1 commit into main from snyk-fix-dcf4d9e7cc10605d184cd709a06ed7c5

Member

duluca commented Sep 6, 2024

Snyk has created this PR to fix 9 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

package.json
package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Input Validation SNYK-JS-URLPARSE-2407770	726
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	641
	Authorization Bypass SNYK-JS-URLPARSE-2407759	641
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	631
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	586
	Open Redirect SNYK-JS-URLPARSE-1533425	586
	Prototype Pollution SNYK-JS-MINIMIST-2429795	506
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	344

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Open Redirect
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn


          fix: package.json & package-lock.json to reduce vulnerabilities

a74a79a

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2401205
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407759
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2412697
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-URLPARSE-1533425
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet