[Snyk] Security upgrade isomorphic-git from 0.78.2 to 1.8.2 by snyk-bot · Pull Request #182 · SlimIO/Sync
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
741/1000 Why? Recently disclosed, Has a fix available, CVSS 9.1 |
Directory Traversal SNYK-JS-ISOMORPHICGIT-1535213 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: isomorphic-git
The new version differs by 132 commits.- 1316820 fix(checkout): throw error on malicious filepaths (#1339)
- 89c0da7 fix(merge): Cannot set property 'oid' of undefined (#1312)
- b102e1d fix(website): try it out (#1290)
- 03846e1 fix(react-native): fix for "<Intermediate Value>.stream is not a function" errors in React Native (#1156)
- 153679f chore: fix broken link in README.md (#1154)
- baf668b fix(merge): "Cannot read property 'Symbol(PackfileCache)' of undefined" error (#1289)
- 26f761e feat: Added 'cache' parameter; an opt-in solution to performance regressions caused by #1217 (#1255)
- f2e3805 fix(CLI): `isogit` CLI throws "Error [ERR_REQUIRE_ESM]: Must use import to load ES Module" in Node 13+
- 629b4e1 fix(push): "Cannot read property 'packfiles' of undefined" error (#1234)
- 3eeb9a8 chore: fix the "TypeError: dupMap.get is not a function" errors that break Jest occasionally (#1233)
- e66a6c2 fix(fetch): fetching a commit hash with `singleBranch: true` (#1225)
- 668015c docs(pr-template): fixed location of `__tests__/test-exports.js` (#1195)
- 9c1e96d docs: renameBranch missing from docs (#1218)
- ad1f06f chore: delete a 3.6 MB test fixture that is not used anywhere (#1200)
- f19ea0f fix(clone): fix memory leak if repeatedly cloning (#1217)
- 02045f6 fix(getRemoteInfo, getRemoteInfo2): throw UnknownTransportError for SSH urls (#1199)
- 55f2ade fix(push): fix regression introduced in v1.4.4 that broke pushing repos with submodules (#1196)
- fb407a0 perf: replace git-apply-delta with hand-rolled code (#1191)
- 54262a3 chore: update bundlewatch to track 'main' branch (#1190)
- f9c0d83 chore(build): fix `npm format` command (#1176)
- 1035d93 fix(pull): Cannot read property 'index' of undefined (#1189)
- 585c4f5 feat: Added 'renameBranch' command (#1175)
- b03f261 feat: Added 'listServerRefs' and 'getRemoteInfo2' commands (#1169)
- 33256b6 chore: fix generate-docs.js to use 'main' instead of 'master' (#1168)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report