Vulnerability: Update dependencies on @commitlint/core, @commitlint/cli and semantic-release #27

@dbartholomae

Currently the package relies on version 6.x of semantic-release, @commitlint/core and @commitlint/cli. These contain the below vulnerabilities. Please update these dependencies to newer versions.
You can also use audit-ci in your CircleCI config to be automatically warned on builds.

moderate Regular Expression Denial of Service
Package marked
Patched in >=0.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > semantic-release > marked
More info https://www.npmjs.com/advisories/812

high Prototype Pollution
Package lodash.merge
Patched in >=4.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > @commitlint/cli > @commitlint/load > @commitlint/resolve-extends > lodash.merge
More info https://www.npmjs.com/advisories/1066

high Prototype Pollution
Package lodash.merge
Patched in >=4.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > @commitlint/core > @commitlint/load > @commitlint/resolve-extends > lodash.merge
More info https://www.npmjs.com/advisories/1066

high Prototype Pollution
Package lodash.merge
Patched in >=4.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > @commitlint/cli > @commitlint/load > lodash.merge
More info https://www.npmjs.com/advisories/1066

high Prototype Pollution
Package lodash.merge
Patched in >=4.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > @commitlint/core > @commitlint/load > lodash.merge
More info https://www.npmjs.com/advisories/1066

high Prototype Pollution
Package lodash.merge
Patched in >=4.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > @commitlint/cli > lodash.merge
More info https://www.npmjs.com/advisories/1066

high Prototype Pollution
Package lodash.mergewith
Patched in >=4.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > @commitlint/cli > @commitlint/load > lodash.mergewith
More info https://www.npmjs.com/advisories/1071

high Prototype Pollution
Package lodash.mergewith
Patched in >=4.6.2
Dependency of semantic-commitlint
Path semantic-commitlint > @commitlint/core > @commitlint/load > lodash.mergewith
More info https://www.npmjs.com/advisories/1071
