Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[Snyk] Security upgrade dockerode from 4.0.4 to 4.0.5 #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
Loading
from
Open

[Snyk] Security upgrade dockerode from 4.0.4 to 4.0.5 #12

wants to merge 1 commit into from

Conversation

Horlabrainmoore
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • dev/diff/package.json
  • dev/diff/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Improper Link Resolution Before File Access ('Link Following')
SNYK-JS-TARFS-10293725		   649  
medium severity Symlink Following
SNYK-JS-TARFS-13045213		   541  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Link Resolution Before File Access ('Link Following')

@socket-security Socket Security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedkeypress@​0.2.11001009977100
Addedlistr2@​6.6.1981007991100
Addedextract-zip@​2.0.1991008680100
Addedenquirer@​2.4.110010010080100
Addeddockerode@​4.0.510010010080100
Addedpretty-bytes@​6.1.110010010086100
Updatedchalk@​5.1.2 ⏵ 5.4.1100 +1100100 +188100
Addedfs-extra@​11.3.010010010089100
Addedtar@​7.4.39910010089100
Addedgot@​13.0.09910010090100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Horlabrainmoore @snyk-bot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.