[Snyk] Upgrade dependency-check from 2.9.1 to 2.10.1 #374

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

webholik merged 2 commits into develop from snyk-upgrade-85613c8358dde141b5873c35eaf95177

Oct 16, 2020

Contributor

snyk-bot commented Oct 16, 2020

Snyk has created this PR to upgrade dependency-check from 2.9.1 to 2.10.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 3 years ago, on 2018-03-09.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Timing Attack SNYK-JS-ELLIPTIC-511941	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dependency-check

2.10.1 - 2018-03-09
Fix compatibility with node 0.10 and 0.12
2.10.0 - 2018-01-11
2.10.0
2.9.2 - 2017-12-18
2.9.2
2.9.1 - 2017-06-15
Fixed
- Fallback on .js when no detective is found for extension
Changed
- Use async resolve() function

from dependency-check GitHub release notes

Commit messages

Package name: dependency-check

869e756 2.10.1
8f5fb54 Ignore package manager lock files
cfa2ab3 Downgrade read-package-json dependency to ^1.3.3
5bf9ba6 Add new CLI option to readme
f4f5d00 2.10.0
813641c Add --no-peer option
dd929b1 Add Node 9 as test target
59b4292 Add Node 4 as test target
ed7e923 2.9.2
5cb1030 Correctly determine core modules in different Node versions
ef25eb0 Add Node 7 and 8 as test targets
03e4fbc Pin to older read-package-json to pass tests
93a33fe Update Travis Badge
6595b27 Remove "only usable with --unused" from docs

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade dependency-check from 2.9.1 to 2.10.1

a55a4e4

Snyk has created this PR to upgrade dependency-check from 2.9.1 to 2.10.1.

See this package in npm:
https://www.npmjs.com/package/dependency-check

See this project in Snyk:
https://app.snyk.io/org/postman/project/8519ba8e-6a7d-469a-88b3-7891b4c1c14e?utm_source=github&utm_medium=upgrade-pr

webholik changed the base branch from master to develop

October 16, 2020 04:14


          Merge branch 'develop' into snyk-upgrade-85613c8358dde141b5873c35eaf9…

5ca1430

…5177

webholik approved these changes

View reviewed changes

webholik merged commit fb49578 into develop

webholik deleted the snyk-upgrade-85613c8358dde141b5873c35eaf95177 branch

October 16, 2020 09:55

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet