Skip to content

[Snyk] Security upgrade pm2 from 4.4.0 to 4.5.6 #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
coolgk wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade pm2 from 4.4.0 to 4.5.6 #110

coolgk wants to merge 1 commit into from

Conversation

@coolgk
Copy link
Owner

@coolgk coolgk commented Sep 13, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • node-typescript/package.json
    • node-typescript/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: pm2 The new version differs by 65 commits.
  • 1d81757 pm2@4.5.6
  • a6a52dc pm2@4.5.5
  • 5e18920 pm2@4.5.4
  • b743ce0 pm2@4.5.3
  • 88b5ab4 pm2@4.5.2
  • cc9714c bump copyright years
  • 64f8ea0 pm2@4.5.1
  • c0372a8 prepare 4.5.1
  • 56ffa13 upgrade debug
  • 452cc85 upgrade systeminformation
  • f376825 feat: restore --sort option on pm2 ls #4536
  • 2f61ddb fix: cron-restart in cluster mode + alias --cron to --cron-restart fix #4834 #4733 #4307 #4834
  • 0b56e72 Merge branch 'master' into development
  • 2ba6dff Merge pull request #4892 from AdamMajer/fix_npm7_devel
  • f830d5f Merge pull request #4897 from Glyphack/patch-2
  • d13e4a3 test against Node 15.x
  • 94615fb Update systeminformation package to 4.27.11
  • 25b7ccd tests: fix tests with npm7
  • 73a4eaf [ci skip] bump readme
  • 49f1871 pm2@4.5.0
  • 3e004dc add udp client/server example + fix typo
  • 310d68d pm2@4.5.0 - testing phase
  • 7f11906 Merge pull request #4681 from guard43ru/development
  • 108ddea Merge pull request #4741 from getsnoopy/fix-unit-test-script

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: node-typescript/package.json & node-typescript/package-lock.json…
df2618f 
… to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@coolgk @snyk-bot