[Snyk] Security upgrade pm2 from 4.3.0 to 4.5.5

Open vyakymenko opened this issue 4 years ago • 0 comments

merge advice

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-SYSTEMINFORMATION-1078290	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: pm2

The new version differs by 76 commits.

a6a52dc [email protected]
5e18920 [email protected]
b743ce0 [email protected]
88b5ab4 [email protected]
cc9714c bump copyright years
64f8ea0 [email protected]
c0372a8 prepare 4.5.1
56ffa13 upgrade debug
452cc85 upgrade systeminformation
f376825 feat: restore --sort option on pm2 ls #4536
2f61ddb fix: cron-restart in cluster mode + alias --cron to --cron-restart fix #4834 #4733 #4307 #4834
0b56e72 Merge branch 'master' into development
2ba6dff Merge pull request #4892 from AdamMajer/fix_npm7_devel
f830d5f Merge pull request #4897 from Glyphack/patch-2
d13e4a3 test against Node 15.x
94615fb Update systeminformation package to 4.27.11
25b7ccd tests: fix tests with npm7
73a4eaf [ci skip] bump readme
49f1871 [email protected]
3e004dc add udp client/server example + fix typo
310d68d [email protected] - testing phase
7f11906 Merge pull request #4681 from guard43ru/development
108ddea Merge pull request #4741 from getsnoopy/fix-unit-test-script
c4929d1 Merge pull request #4762 from ffflorian/patch-1

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Mar 05 '21 03:03 vyakymenko