Skip to content

[Snyk] Security upgrade lint-staged from 12.3.3 to 13.0.0 #227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade lint-staged from 12.3.3 to 13.0.0 #227

wants to merge 1 commit into from

Conversation

ryan-ally
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Uncaught Exception
SNYK-JS-YAML-5458867		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: lint-staged The new version differs by 35 commits.
  • 50f95b3 refactor: remove `supports-color`
  • 659c85c fix(deps): update `execa@^6.1.0`
  • 2750a3d fix(deps): update `yaml@^2.1.1`
  • 5f0a6a7 refactor: use optional chaining `?.`
  • eae9622 refactor: use `node:` protocol imports
  • 5fb6df9 feat: remove support for Node.js 12
  • d4da24d fix: skip backup stash when using the `--diff` option
  • 1f06dd0 refactor: do not use Symbol in configuration mapping
  • 641d1c2 fix: include all files when using `--config <path>`
  • 753ef72 feat: add `--diff-filter` option for overriding list of (staged) files
  • 35fcce9 feat: add `--diff` option for overriding list of (staged) files
  • 383a96e fix(deps): downgrade [email protected] to support Node.js 12
  • 4f0ff7f chore(deps): update dependencies
  • ec73af0 fix(deps): update yaml@^2.0.1
  • 22ebf52 fix(deps): update commander@^9.2.0
  • 0894a3e docs: fix the missing comma in the README.md code
  • 1db5f26 fix: correctly handle --max-arg-length cli option
  • f0536dc ci: test using Node.js 18
  • b3f63ec fix: correctly handle symlinked config files
  • 8be800f test: add test for kill child processes on error
  • 877ab4c fix: restore functionality of parent globs for a single configuration file
  • 7d36ef7 test: do not collect coverage when directly running jest
  • e01c4c5 test: specify merge conflict style for snapshots
  • a118817 fix: handle empty input by returning empty array from `parseGitZOutput`

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ryan-ally @snyk-bot