[Snyk] Security upgrade isomorphic-git from 0.78.2 to 1.11.1 by snyk-bot · Pull Request #188 · SlimIO/Sync
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
833/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.8 |
Information Exposure SNYK-JS-SIMPLEGET-2361683 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: isomorphic-git
The new version differs by 172 commits.- 82433d2 fix: set remote tracking branch on clone (#1475)
- edc434a fix Android image in README (#1474)
- 3de145f fix documentation for track option on checkout command (#1472)
- 710a5b3 chore(deps-dev): bump @ isomorphic-git/cors-proxy from 2.7.0 to 2.7.1 (#1466)
- 30be9dd chore(deps): bump simple-get from 3.0.3 to 4.0.0 (#1467)
- 6450626 feat: add `noTrack` option to checkout (#1463)
- c6df509 add test for checkout of branch name that contains a dot (#1462)
- 4ef6fd6 fix: update the config parser to handle dots in key name (#1461)
- 611b04b fix(is-ignored): allow paths ending with / (#1453)
- 72b3987 fix(statusMatrix, walk): don't remove the executable bit from file mode (Windows-only bug) (#1444)
- 267b017 fix(tags): do not peel tag when cloning (#1442)
- 76d0d69 fix: handle protocol version 2 edge case (#1424)
- 52b87bb chore: update onAuth docs (#1415)
- f7ca4d0 feat: Added 'isIgnored' command (#1413)
- 3b9c17c docs: add faster approach to staging all files to faq (#1405)
- 04b0742 fix: "TypeError: Cannot read property 'length' of undefined" at Inflate.push
- 19af1e5 resolves #1383 use built-in fs.rm if available; otherwise, use fallback utility (#1387)
- a40acb8 Move `endCommit` above return statement (#1388)
- 6af05bd fix: the merging can not sign the commit (#1235)
- 1d63afe docs: add @ strangedev as a contributor (#1384)
- 5a34ceb posixify symlink path when adding file to repository (#1382)
- 27fc08f feat: git log the history of one file only (#1172)
- 04fa3d9 fix: remove fallthrough switch statement (#1247)
- fca0a80 fix: signature of WalkerMap (#1385)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report