[Snyk] Security upgrade bower from 1.3.12 to 1.4.0 #22

Open: wants to merge 1 commit into base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 691/1000. Why? Recently disclosed, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE), SNYK-JS-SHELLQUOTE-1766506 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bower

The new version differs by 91 commits.
  • ea1f5d1 Bump to 1.4.0
  • 77b7355 Bump npm-config, fixes #1689, fixes #1711
  • e727566 Revert SvnResolver changes (windows paths in URLs)
  • 0f68da4 Add support for two-factor authentication for login
  • 1a7abfd Add tests for login command
  • 905c277 Add tests for unregister command
  • 126da9e Unregister and login commands
  • 1080cb7 Merge pull request #1759 from nwinkler/Request-dep
  • 39a2959 Set request version to 2.53.0
  • 7e55b0b Merge pull request [Snyk Alert] Fix for 12 vulnerable dependency paths #1 from bower/master
  • b4aa90b Merge pull request #1755 from dancrumb/feature/1754
  • a1ecf8a Fixes #1754: The version command in the programmatic API now returns the new version
  • 4d59d26 Merge pull request #1628 from nwinkler/detect-smart-git
  • 7e0a2ea Added check for empty remote or no protocol set.
  • 912808b Added support for caching hosts that support shallow cloning.
  • a352d51 Using a function reference instead of calling directly from constructor
  • 4ad5ed6 Automatically detecting _smart Git hosts_.
  • 3838a3b Merge pull request #1740 from kytwb/master
  • 7d748ae Fix broken link to npm completion doc
  • 9dab389 Merge pull request #1722 from kant/patch-1
  • 260b4ad Update year of copyright
  • 182d92f test: Fix SvnResolver tests on all platforms
  • 61a68a9 test: Replace dejavu repo with pure (dejavu moved)
  • b6e33d7 Update README.md

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506