[Snyk] Security upgrade mkdirp from 0.5.1 to 0.5.2 #1

snyk-bot · 2020-12-30T20:22:45Z

✨ Snyk has automatically assigned this pull request, set who gets assigned.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- yarn.lock
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ms:20170412

ryan-ally merged commit 98b2c0c into master Dec 30, 2020

ryan-ally deleted the snyk-fix-a75c361badb60ad2bff15b492a4ee974 branch December 30, 2020 20:23

Provide feedback