[Snyk] Security upgrade npm from 6.14.5 to 6.14.6 by snyk-bot · Pull Request #719 · guardicore/monkey

snyk-bot · 2020-07-14T15:09:36Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- monkey/monkey_island/cc/ui/package.json
- monkey/monkey_island/cc/ui/package-lock.json
- monkey/monkey_island/cc/ui/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	No	No Known Exploit

Commit messages

Package name: npm

The new version differs by 13 commits.

66092d5 6.14.6
46e91d9 update AUTHORS
66aab41 docs: changelog for 6.14.6
94eca63 npm-registry-fetch@4.0.5
a9857b8 chore: remove auth info from logs
479e45c style: fix lint error with no trailing comma
1aec4cb test: add test for `npm doctor` that ping registry returns error
b7ad775 fix: wrong `npm doctor` command result
9a2e2e7 docs: Fix typo
c49b6ae spdx-license-ids@3.0.5
3dd429e docs: Add note about dropped `*` filenames
0ca3509 Update npm-link.md
2e05298 chore(docs): fixed links to cli commands

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…/ui/package-lock.json & monkey/monkey_island/cc/ui/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NPM-575435 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746

ShayNehmad · 2020-07-16T10:52:56Z

Tested manually, it works on my machine

See https://stackoverflow.com/a/60112825/4119906

codecov · 2020-07-16T11:21:29Z

Codecov Report

Merging #719 into develop will not change coverage.
The diff coverage is n/a.

@@ Coverage Diff @@ ## develop #719 +/- ## ======================================== Coverage 59.85% 59.85% ======================================== Files 147 147 Lines 4783 4783 ======================================== Hits 2863 2863 Misses 1920 1920

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5fd1128...4dfdd44. Read the comment docs.

npm audit fix + lock to correct versions

snyk-bot and others added 3 commits July 14, 2020 15:09

Merge branch 'develop' into snyk-fix-661b0a9571c71708f17fef5d173a39ea

7e45540

Update package-lock.json

7170d54

ShayNehmad added 2 commits July 16, 2020 14:15

Added name and version to the package-json (won't compile otherwise)

491660e

See https://stackoverflow.com/a/60112825/4119906

Merge branch 'develop' into snyk-fix-661b0a9571c71708f17fef5d173a39ea

ed7a5ab

Update package-lock.json

4dfdd44

npm audit fix + lock to correct versions

ShayNehmad merged commit b0251fb into develop Jul 16, 2020

ShayNehmad deleted the snyk-fix-661b0a9571c71708f17fef5d173a39ea branch July 16, 2020 11:40

ShayNehmad mentioned this pull request Jul 21, 2020

Add Snyk.io integration #659

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade npm from 6.14.5 to 6.14.6#719

[Snyk] Security upgrade npm from 6.14.5 to 6.14.6#719
ShayNehmad merged 6 commits intodevelopfrom
snyk-fix-661b0a9571c71708f17fef5d173a39ea

snyk-bot commented Jul 14, 2020

ShayNehmad commented Jul 16, 2020

codecov bot commented Jul 16, 2020 •

edited

Loading

Labels

2 participants

Conversation