Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade commander from 5.0.0 to 5.1.0 #28

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade commander from 5.0.0 to 5.1.0 #28

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade commander from 5.0.0 to 5.1.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 2 years ago, on 2020-04-25.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-LODASH-608086		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-567746		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: commander
  • 5.1.0 - 2020-04-25

    Added

    • support for multiple command aliases, the first of which is shown in the auto-generated help (#531, #1236)
    • configuration support in addCommand() for hidden and isDefault (#1232)

    Fixed

    • omit masked help flags from the displayed help (#645, #1247)
    • remove old short help flag when change help flags using helpOption (#1248)

    Changed

    • remove use of arguments to improve auto-generated help in editors (#1235)
    • rename .command() configuration noHelp to hidden (but not remove old support) (#1232)
    • improvements to documentation
    • update dependencies
    • update tested versions of node
    • eliminate lint errors in TypeScript (#1208)
  • 5.0.0 - 2020-03-14
    Read more
from commander GitHub release notes
Commit messages
Package name: commander
  • 6405325 Prepare for release (#1255)
  • 8c9cfbb Add Node.js 14 to the CI settings of GitHub Actions (#1253)
  • b8baafb Update dependencies (#1251)
  • e1966fc Omit the help flags from help that are masked by other options (#1247)
  • 56221f7 Allow helpOption to only include long flag (#1248)
  • 28e8d3f Add support for multiple aliases (#1236)
  • b59adfc Replace use of arguments.length (#1235)
  • b5d95ee Add opts to addCommand, and rename noHelp to hidden (#1232)
  • 8ec3e7f Consistently refer to returning this for chaining (not parent) (#1231)
  • 2c0a237 Remove most uses of top-level, as less accurate now with command nesting. (#1230)
  • e960c90 Fixing lint errors in TypeScript (#1208)
  • ebc8b41 Merge pull request #1221 from shadowspawn/feature/nested-typos
  • 2ffa6f2 Add 5.x, EOL for 4.x (#1222)
  • c3895db Add 5.x, EOL for 4.x
  • 9b0a991 Fix typos

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot