[Snyk] Upgrade: tslib, rxjs, yargs, tar, follow-redirects, inquirer, open, openshift-rest-client #649
+248
−81
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- tslib from 2.3.1 to 2.6.3.
See this package in npm: https://www.npmjs.com/package/tslib
- rxjs from 7.5.5 to 7.8.1.
See this package in npm: https://www.npmjs.com/package/rxjs
- yargs from 17.5.1 to 17.7.2.
See this package in npm: https://www.npmjs.com/package/yargs
- tar from 6.1.11 to 6.2.1.
See this package in npm: https://www.npmjs.com/package/tar
- follow-redirects from 1.14.9 to 1.15.6.
See this package in npm: https://www.npmjs.com/package/follow-redirects
- inquirer from 8.2.2 to 8.2.6.
See this package in npm: https://www.npmjs.com/package/inquirer
- open from 8.4.0 to 8.4.2.
See this package in npm: https://www.npmjs.com/package/open
- openshift-rest-client from 7.0.0 to 7.1.1.
See this package in npm: https://www.npmjs.com/package/openshift-rest-client
See this project in Snyk:
https://app.snyk.io/org/seansund/project/be94fcb0-6164-4721-8739-126a6d6646f3?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
tslib
from 2.3.1 to 2.6.3 | 10 versions ahead of your current version | 3 months ago
on 2024-06-04
rxjs
from 7.5.5 to 7.8.1 | 6 versions ahead of your current version | a year ago
on 2023-04-26
yargs
from 17.5.1 to 17.7.2 | 6 versions ahead of your current version | a year ago
on 2023-04-27
tar
from 6.1.11 to 6.2.1 | 6 versions ahead of your current version | 6 months ago
on 2024-03-21
follow-redirects
from 1.14.9 to 1.15.6 | 7 versions ahead of your current version | 6 months ago
on 2024-03-14
inquirer
from 8.2.2 to 8.2.6 | 4 versions ahead of your current version | a year ago
on 2023-08-02
open
from 8.4.0 to 8.4.2 | 2 versions ahead of your current version | 2 years ago
on 2023-02-20
openshift-rest-client
from 7.0.0 to 7.1.1 | 2 versions ahead of your current version | 2 years ago
on 2022-10-14
Issues fixed by the recommended upgrade:
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-TAR-6476909
SNYK-JS-FOLLOWREDIRECTS-6444610
Release notes
Package name: tslib
-
2.6.3 - 2024-06-04
- 'await using' normative changes by @ rbuckton in #258
-
2.6.2 - 2023-08-18
- Fix path to
-
2.6.1 - 2023-07-24
- Allow functions as values in __addDisposableResource by @ rbuckton in #215
- Stop using es6 syntax in the es6 file by @ andrewbranch in #216
-
2.6.0 - 2023-06-26
- Add helpers for
-
2.5.3 - 2023-06-02
- Do not reference tslib.es6.js from package.json exports by @ andrewbranch in #208
-
2.5.2 - 2023-05-18
-
2.5.1 - 2023-05-17
-
2.5.0 - 2023-01-26
- Fix asyncDelegator reporting done too early by @ apendua in #187
- Add support for TypeScript 5.0's
-
2.4.1 - 2022-10-31
-
2.4.0 - 2022-04-22
-
2.3.1 - 2021-08-11
from tslib GitHub release notesWhat's Changed
Full Changelog: v2.6.2...v2.6.3
What's Changed
exports["module"]["types"]by @ andrewbranch in #217Full Changelog: v2.6.1...v2.6.2
What's Changed
Full Changelog: 2.6.0...v2.6.1
What's Changed
usingandawait usingby @ rbuckton in #213Full Changelog: v2.5.3...2.6.0
What's Changed
Full Changelog: 2.5.2...v2.5.3
This release explicitly re-exports helpers to work around TypeScript's incomplete symbol resolution for tslib.
This release of tslib provides fixes for two issues.
First, it reverses the order of
inithooks provided by decorators to correctly reflect proposed behavior.Second, it corrects the
exportsfield of tslib'spackage.jsonand provides accurate declaration files so that it may be consumed under thenode16andbundlersettings formoduleResolution.What's New
__esDecorateand related helpers by @ rbuckton in #193Full Changelog: 2.4.1...2.5.0
This release contains fixes for early
returns andthrows invoked on generators.This release includes the
__classPrivateFieldInhelper as well as an update to__createBindingto reduce indirection between multiple re-exports.Package name: rxjs
-
7.8.1 - 2023-04-26
-
7.8.0 - 2022-12-15
-
7.7.0 - 2022-12-15
-
7.6.0 - 2022-12-03
-
7.5.7 - 2022-09-25
-
7.5.6 - 2022-07-11
-
7.5.5 - 2022-03-08
from rxjs GitHub release noteschore(publish): 7.8.1
Package name: yargs
-
17.7.2 - 2023-04-27
- do not crash completion when having negated options (#2322) (7f42848)
-
17.7.1 - 2023-02-21
- address display bug with default sub-commands (#2303) (9aa2490)
-
17.7.0 - 2023-02-16
- add method to hide option extras (#2156) (2c144c4)
- convert line break to whitespace for the description of the option (#2271) (4cb41dc)
- copy the description of the option to its alias in completion (#2269) (f37ee6f)
-
17.6.2 - 2022-11-03
- deps: update dependency yargs-parser to v21.1.1 (#2231) (75b4d52)
- lang: typo in Finnish unknown argument singular form (#2222) (a6dfd0a)
-
17.6.1 - 2022-11-02
- lang: fix "Not enough non-option arguments" message for the Czech language (#2242) (3987b13)
-
17.6.0 - 2022-10-01
-
17.5.1 - 2022-05-16
from yargs GitHub release notes17.7.2 (2023-04-27)
Bug Fixes
17.7.1 (2023-02-21)
Bug Fixes
17.7.0 (2023-02-13)
Features
Bug Fixes
17.6.2 (2022-11-03)
Bug Fixes
17.6.1 (2022-11-02)
Bug Fixes
Package name: tar
-
6.2.1 - 2024-03-21
-
6.2.0 - 2023-09-05
-
6.1.15 - 2023-05-17
-
6.1.14 - 2023-05-02
-
6.1.13 - 2022-12-07
-
6.1.12 - 2022-11-01
-
6.1.11 - 2021-08-26
from tar GitHub release notesv6.2.1
6.2.0
6.1.15
6.1.14
6.1.13 (2022-12-07)
Dependencies
cc4e0dd#343 bump minipass from 3.3.6 to 4.0.06.1.12 (2022-10-31)
Bug Fixes
57493ee#332 ensuring close event is emited after stream has ended (@ webark)b003c64#314 replace deprecated String.prototype.substr() (#314) (@ CommanderRoot, @ lukekarrys)Documentation
f129929#313 remove dead link to benchmarks (#313) (@ yetzt)c1faa9fadd examples/explanation of using tar.t (@ isaacs)6.1.11
Package name: follow-redirects
-
1.15.6 - 2024-03-14
-
1.15.5 - 2024-01-12
-
1.15.4 - 2023-12-30
-
1.15.3 - 2023-09-19
-
1.15.2 - 2022-09-13
-
1.15.1 - 2022-05-26
-
1.15.0 - 2022-05-03
-
1.14.9 - 2022-02-18
from follow-redirects GitHub release notesNo content.
No content.
No content.
No content.
No content.
No content.
No content.
No content.
Package name: inquirer
-
8.2.6 - 2023-08-02
-
8.2.5 - 2022-10-24
-
8.2.4 - 2022-04-28
-
8.2.3 - 2022-04-26
-
8.2.2 - 2022-03-24
from inquirer GitHub release notesPackage name: open
-
8.4.2 - 2023-02-20
- Fix support for Podman 51fae87
-
8.4.1 - 2023-02-08
- Fix
- Fix the
-
8.4.0 - 2021-10-24
- Improve ArchLinux support (#265) b58fb1f
from open GitHub release notesv8.4.1...v8.4.2
allowNonzeroExitCodeoption (#296) 051edcaappargument with WSL (#295) 4cf1a6dv8.4.0...v8.4.1
v8.3.0...v8.4.0
Package name: openshift-rest-client
-
7.1.1 - 2022-10-14
- fix path on requestOptions (#324) (198843b)
-
7.1.0 - 2022-10-13
- Replace request with undici (#322) (b4d606b)
- upgrade eslint from 7.32.0 to 8.6.0 (#291) (25c99b9)
- upgrade eslint-plugin-promise from 4.3.1 to 6.0.0 (#293) (0a25faa)
- upgrade husky from 6.0.0 to 7.0.4 (#294) (14a2a71)
- fix eslint issues with dependencies (99a577b)
- upgrade eslint-plugin-import from 2.24.2 to 2.25.1 (#286) (7bb267a)
- upgrade eslint-plugin-import from 2.25.1 to 2.25.2 (#289) (1b90ae2)
- upgrade tape from 5.3.1 to 5.3.2 (#290) (143d7ab)
-
7.0.0 - 2021-10-01
- changes the default value of loadClusterFromSpec to true instead of false (#285)(1442a3b)
- package.json & package-lock.json to reduce vulnerabilities (#284) (a4742e8)
- upgrade eslint-plugin-import from 2.23.4 to 2.24.0 (#280) (6223ddb)
- upgrade eslint-plugin-import from 2.24.0 to 2.24.1 (#282) (da100e7)
- upgrade eslint-plugin-import from 2.24.1 to 2.24.2 (#283) (f9e3ee8)
- upgrade tape from 5.2.2 to 5.3.1 (#279) (d1feab8)
from openshift-rest-client GitHub release notesBug Fixes
Features
Bug Fixes
7.0.0 (2021-10-01)
⚠ BREAKING CHANGES
Bug Fixes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"tslib","from":"2.3.1","to":"2.6.3"},{"name":"rxjs","from":"7.5.5","to":"7.8.1"},{"name":"yargs","from":"17.5.1","to":"17.7.2"},{"name":"tar","from":"6.1.11","to":"6.2.1"},{"name":"follow-redirects","from":"1.14.9","to":"1.15.6"},{"name":"inquirer","from":"8.2.2","to":"8.2.6"},{"name":"open","from":"8.4.0","to":"8.4.2"},{"name":"openshift-rest-client","from":"7.0.0","to":"7.1.1"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"}],"prId":"ec521539-460a-4114-ad79-ea7d3dd90a25","prPublicId":"ec521539-460a-4114-ad79-ea7d3dd90a25","packageManager":"npm","priorityScoreList":[686,646,646],"projectPublicId":"be94fcb0-6164-4721-8739-126a6d6646f3","projectUrl":"https://app.snyk.io/org/seansund/project/be94fcb0-6164-4721-8739-126a6d6646f3?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-TAR-6476909","SNYK-JS-FOLLOWREDIRECTS-6444610"],"upgradeInfo":{"versionsDiff":10,"publishedDate":"2024-06-04T20:25:19.808Z"},"vulns":["SNYK-JS-FOLLOWREDIRECTS-6141137","SNYK-JS-TAR-6476909","SNYK-JS-FOLLOWREDIRECTS-6444610"]}'