flex-plugin-builder icon indicating copy to clipboard operation
flex-plugin-builder copied to clipboard
verified publisher icon twilio

[Snyk] Security upgrade columnify from 1.5.4 to 1.6.0

Open twilio-product-security opened this issue 3 years ago β€’ 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/flex-dev-utils/package.json
    • packages/flex-dev-utils/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: columnify The new version differs by 34 commits.
  • a532ca1 Release 1.6.0
  • 92fdab6 Clean up readme badges, update stats.
  • a350bf2 Add npm cache to CI.
  • aae8411 Actually install & test in CI.
  • b2fe72f Use github actions.
  • 4b54106 Update node version in travis.yml.
  • c820951 Update packages.
  • 10ea59d Update packages.
  • e768ed8 Revert "Merge pull request #59 from njhoffman/master"
  • 1cf9287 Merge pull request #59 from njhoffman/master
  • 091ddb0 Merge pull request #60 from sreekanth370/master
  • bece43f Merge pull request #49 from tdmalone/patch-1
  • 4b72760 Merge branch 'master' into master
  • e7c082a Merge pull request #62 from viceice/patch-1
  • db4ee97 chore: bump version
  • 0bd797f chore: require node v8
  • ea15deb fix: update strip-ansi to v6.0.1
  • 33c942e compatibility updates
  • 5cb6515 fixed transipiling errors
  • a27ddb8 version bump
  • 95d9a8e extract strip-ansi dependency
  • 4895ec1 version bump
  • 64c77f5 version bump
  • 1d3ef4b add modules key and main eky to package.json

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Learn about vulnerability in an interactive lesson of Snyk Learn.

twilio-product-security avatar May 13 '22 23:05 twilio-product-security

Codecov Report

Merging #702 (fc49aa2) into main (0d0e3e0) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #702   +/-   ##
=======================================
  Coverage   87.21%   87.21%           
=======================================
  Files         138      138           
  Lines        3762     3762           
  Branches      636      636           
=======================================
  Hits         3281     3281           
  Misses        379      379           
  Partials      102      102

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 0d0e3e0...fc49aa2. Read the comment docs.

codecov[bot] avatar May 13 '22 23:05 codecov[bot]

Closing this PR as it is outdated

aishwarya-tw avatar May 02 '23 07:05 aishwarya-tw