[Snyk] Upgrade yeoman-environment from 1.6.6 to 3.10.0 #4

snyk-bot · 2022-08-20T20:33:30Z

Snyk has created this PR to upgrade yeoman-environment from 1.6.6 to 3.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 53 versions ahead of your current version.
The recommended version was released 22 days ago, on 2022-07-29.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-174125	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-SETVALUE-450213	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MIXINDEEP-450212	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Remote Memory Exposure SNYK-JS-BL-608877	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Time of Check Time of Use (TOCTOU) npm:chownr:20180731	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-JUSTEXTEND-72674	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: yeoman-environment

3.10.0 - 2022-07-29
- add dependency on isbinaryfile e81c22b
- fix isPackageRegistered and create with generator with invalid namespace but aliased to a valid one 90504ae
- throw error when set a invalid namespace f4bf52c
- fix: allow to override a generator. (#418) 2f7fe9f
- fix: conflict on file permission change. (#415) a8fb7d3
v3.9.1...v3.10.0
3.9.1 - 2022-01-18
- Move _postConstruct from create to instantiate. (#382) 66752e4
v3.9.0...v3.9.1
3.9.0 - 2022-01-18
- Improve command options. (#377) 6a812bf
v3.8.1...v3.9.0
3.8.1 - 2021-11-25
- Fix outdated force check. (#373) 0b8d3b8
v3.8.0...v3.8.1
3.8.0 - 2021-11-09
- Implement patternFilter and patternSpy. (#370) 9c3cbe5
- Add exports field to package.json (#369) 28b492a
- Simplify namespace() using slash and resolve repository namespaces. (#368) b5baf0e
v3.7.0...v3.8.0
3.7.0 - 2021-11-08
- Bump dependencies.
- Implement conflicterStatus. (#334) 8833c47
- Format using new standards. (#333) cb46b68
- Improve Node 16 support. (#330) 7017557
- Force write .yo-resolve files. 06c2c9b
- Add ignore to conflicter action. 810b0bd
- ESM generator fix. a6071e1
- fix: error message when generator not found cc90fd9
v3.6.0...v3.7.0
3.6.0 - 2021-08-21
- Add _postConstruct callback for async operations. 927d6af
v3.5.1...v3.6.0
3.5.1 - 2021-07-05
- Fix queueGenerator schedule a605527
v3.5.0...v3.5.1
3.5.0 - 2021-07-05
- Add support to async queueGenerator. e4a8143
- Add support to don't schedule generator queue at composeWith. 2e65ccb
- Fix callback assertion. (#314) 36c6feb
v3.4.1...v3.5.0
3.4.1 - 2021-05-23
- Fix spawn command context. (#310) eedfc36
v3.4.0...v3.4.1
3.4.0 - 2021-05-18
3.3.0 - 2021-05-01
3.2.0 - 2021-03-13
3.1.0 - 2021-03-06
3.0.1 - 2021-02-22
3.0.0 - 2021-02-20
3.0.0-rc.1 - 2021-02-20
3.0.0-rc.0 - 2021-02-15
3.0.0-beta.3 - 2021-02-13
3.0.0-beta.2 - 2021-02-13
3.0.0-beta.1 - 2020-11-17
2.10.3 - 2020-05-31
2.10.2 - 2020-05-15
2.10.1 - 2020-05-14
2.10.0 - 2020-05-03
2.9.6 - 2020-04-24
2.9.5 - 2020-04-22
2.9.4 - 2020-04-19
2.9.3 - 2020-04-18
2.9.2 - 2020-04-18
2.9.1 - 2020-04-13
2.9.0 - 2020-04-09
2.8.1 - 2020-03-09
2.8.0 - 2020-02-14
2.7.0 - 2019-12-15
2.6.0 - 2019-10-27
2.5.0 - 2019-10-14
2.4.0 - 2019-06-26
2.3.4 - 2018-11-04
2.3.3 - 2018-08-22
2.3.2 - 2018-08-21
2.3.1 - 2018-07-17
2.3.0 - 2018-06-23
2.2.0 - 2018-05-31
2.1.1 - 2018-05-14
2.1.0 - 2018-05-14
2.0.6 - 2018-03-31
2.0.5 - 2017-10-15
2.0.4 - 2017-09-30
2.0.3 - 2017-09-02
2.0.2 - 2017-08-09
2.0.1 - 2017-07-31
2.0.0 - 2017-06-07
1.6.6 - 2016-11-14

from yeoman-environment GitHub release notes

Commit messages

Package name: yeoman-environment

bd8da36 3.10.0
e81c22b add dependency on isbinaryfile
90504ae fix isPackageRegistered and create with generator with invalid namespace but aliased to a valid one
f4bf52c throw error when set a invalid namespace
42689a5 Bump terser from 5.13.1 to 5.14.2 (#422)
2f7fe9f fix: allow to override a generator. (#418)
60945ed Update ignored dependencies.
dd294f0 chore: add mocha@10 to ignored dependencies
a8fb7d3 fix: conflict on file permission change. (#415)
11c80ed chore: update non updatable dependencies
0404d89 chore: update actions (#414)
4265953 fix: revert npm to v7 at ci (#413)
dc02f95 Bump transitional dependencies (#407)
f90a4ec Bump transitional dependencies (#399)
5f0e87b Bump transitional dependencies (#398)
3b2f619 3.9.1
66752e4 Move _postConstruct from create to instantiate. (#382)
256e142 3.9.0
91fea70 Bump transitional dependencies (#381)
32a59d7 Adjusts to lock-maintenance
8aa8868 Adjust package.json
53d55de Set bot email
6a812bf Improve command options. (#377)
ea26b7e Fix lock maintenance.