From 74e21339b8a0ed14dc1e1a2a230b60305cd1447a Mon Sep 17 00:00:00 2001
From: Snyk Community
Date: Wed, 19 Oct 2016 14:51:07 +0300
Subject: [PATCH] Fix for the ReDoS vulnerability

generator-angular-php is currently affected by the high-severity [ReDoS vulnerability](https://snyk.io/vuln/npm:tough-cookie:20160722).

Vulnerable module: `tough-cookie`
Introduced through: `yeoman-generator`

This PR fixes the ReDoS vulnerability by upgrading `yeoman-generator` to version 0.24.1

The upgrade will also fix the following other vulnerabilities:
* [Symlink Arbitrary File Overwrite vulnerability](https://snyk.io/vuln/npm:tar:20151103) in the `tar` dependency.
* [Denial of Service (Event Loop Blocking) vulnerability](https://snyk.io/vuln/npm:qs:20140806-1) in the `qs` dependency.
* [Denial of Service (Memory Exhaustion) vulnerability](https://snyk.io/vuln/npm:qs:20140806) in the `qs` dependency.
* [Remote Memory Exposure vulnerability](https://snyk.io/vuln/npm:request:20160119) in the `request` dependency.
* [ReDoS vulnerability](https://snyk.io/vuln/npm:hawk:20160119) in the `hawk` dependency.
* [ReDoS vulnerability](https://snyk.io/vuln/npm:minimatch:20160620) in the `minimatch` dependency.

Check out the [Snyk test report](https://snyk.io/test/github/amercier/generator-angular-php) to review other vulnerabilities that affect this repo.

[Watch the repo](https://snyk.io/add) to
* get alerts if newly disclosed vulnerabilities affect this repo in the future.
* generate pull requests with the fixes you want, or let us do the work: when a newly disclosed vulnerability affects you, we'll submit a fix to you right away.

Stay secure,
The Snyk team

--- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 4ca6f45..f707eb3 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ }, "dependencies": { "wiredep": "^1.8.6", - "yeoman-generator": "^0.16.0", + "yeoman-generator": "^0.24.1", "yosay": "^0.2.0", "chalk": "^0.4.0" },
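
Review bot: The `yeoman-generator` entry in `dependencies` moves from `^0.16.0` to `^0.24.1`, and for 0.x versions a caret range only admits updates within the same minor, so this is a jump from the 0.16 line to the 0.24 line that semver allows to be breaking, while the diffstat shows package.json as the only file changed. Before merging, run the generator and its tests against 0.24.1 and, if anything relies on the 0.16 API, adapt the generator code in the same change. The `tough-cookie` fix is transitive and nothing in this patch pins it, so after a clean install confirm (for example with `npm ls tough-cookie`) that the resolved version is outside the range named in the linked advisory.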