[Snyk] Upgrade terminal-kit from 1.31.2 to 1.49.3 #54

snyk-bot · 2021-07-13T22:36:38Z

Snyk has created this PR to upgrade terminal-kit from 1.31.2 to 1.49.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 79 versions ahead of your current version.
The recommended version was released 5 months ago, on 2021-02-20.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-COPYPROPS-1082870	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-JPEGJS-570039	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: terminal-kit

1.49.3 - 2021-02-20
Revert engine changes introduced in v1.49.0 (#156) (will re-introduce it as of v2.0.0)
1.49.2 - 2021-02-18
Fix a .destroy() bug on ColumnMenu's submenu (#151)
1.49.1 - 2021-02-18
Fix wrong keybinding for ColumnMenu's submenu (#151)
1.49.0 - 2021-02-18
Now Node.js v14 is required ; ColumnMenu now supports submenu (still beta) (#151)
1.48.1 - 2021-02-18
ScreenBuffer#put() now supports 'ansi' for the 'markup' option (#153) ; Improved the TextBuffer's doc
1.48.0 - 2021-02-17
New method: BaseMenu#setItem() (#150)
1.47.2 - 2021-02-17
Add the Element#show() and Element#hide() methods, fixing the missing API (#151)
1.47.1 - 2021-02-17
Fix #147 (ANSI parser bug)
1.47.0 - 2021-02-03
Document model: better handling of middle and right click, and now Button are sensible to all 3 clicks
1.46.1 - 2021-02-02
New: DropDownMenu#setDropDownItem()
1.46.0 - 2021-02-02
1.45.9 - 2021-01-26
1.45.8 - 2021-01-25
1.45.7 - 2021-01-25
1.45.5 - 2021-01-21
1.45.4 - 2021-01-14
1.45.3 - 2021-01-12
1.45.2 - 2021-01-11
1.45.1 - 2021-01-11
1.45.0 - 2021-01-11
1.44.3 - 2020-12-28
1.44.1 - 2020-12-28
1.44.0 - 2020-10-17
1.43.0 - 2020-08-25
1.42.0 - 2020-07-28
1.41.0 - 2020-07-22
1.40.0 - 2020-07-21
1.39.0 - 2020-07-20
1.38.0 - 2020-07-20
1.37.0 - 2020-07-19
1.36.0 - 2020-07-09
1.35.13 - 2020-07-08
1.35.12 - 2020-07-07
1.35.11 - 2020-07-06
1.35.10 - 2020-07-05
1.35.9 - 2020-07-05
1.35.8 - 2020-06-24
1.35.7 - 2020-06-19
1.35.6 - 2020-06-18
1.35.5 - 2020-06-18
1.35.4 - 2020-06-18
1.35.3 - 2020-06-04
1.35.2 - 2020-03-19
1.35.1 - 2020-03-13
1.35.0 - 2020-03-11
1.34.5 - 2020-03-08
1.34.4 - 2020-03-08
1.34.3 - 2020-03-07
1.34.2 - 2020-03-06
1.34.1 - 2020-03-04
1.34.0 - 2020-03-03
1.33.15 - 2020-02-18
1.33.14 - 2020-02-18
1.33.13 - 2020-02-18
1.33.12 - 2020-02-18
1.33.11 - 2020-02-18
1.33.10 - 2020-02-17
1.33.9 - 2020-02-17
1.33.8 - 2020-02-17
1.33.7 - 2020-02-16
1.33.6 - 2020-02-16
1.33.5 - 2020-02-16
1.33.4 - 2020-02-16
1.33.3 - 2020-02-15
1.33.2 - 2020-02-13
1.33.1 - 2020-02-13
1.33.0 - 2020-02-13
1.32.3 - 2020-01-09
1.32.2 - 2019-12-13
1.32.1 - 2019-12-04
1.32.0 - 2019-12-04
1.31.10 - 2019-12-03
1.31.9 - 2019-12-03
1.31.8 - 2019-12-03
1.31.7 - 2019-11-10
1.31.6 - 2019-11-06
1.31.5 - 2019-11-06
1.31.4 - 2019-09-27
1.31.3 - 2019-09-13
1.31.2 - 2019-09-01

from terminal-kit GitHub release notes

Commit messages

Package name: terminal-kit

ab6f00f Revert engine changes introduced in v1.49.0 (Bump mermaid from 8.4.6 to 8.11.0 in /ElectronClient #156) (will re-introduce it as of v2.0.0)
773d52b Fix a .destroy() bug on ColumnMenu's submenu ([Snyk] Upgrade: @babel/core, @babel/runtime #151)
52d4d85 Fix wrong keybinding for ColumnMenu's submenu ([Snyk] Upgrade: @babel/core, @babel/runtime #151)
c0a0323 Now Node.js v14 is required ; ColumnMenu now supports submenu (still beta) ([Snyk] Upgrade: @babel/core, @babel/runtime #151)
01f1e3f Submenu: WIP ([Snyk] Upgrade: @babel/core, @babel/runtime #151)
60d457a Submenu: wip ([Snyk] Security upgrade electron from 8.5.2 to 13.6.2 #150)
d5aeb3a ScreenBuffer#put() now supports 'ansi' for the 'markup' option ([Snyk] Upgrade electron-builder from 22.3.2 to 22.14.7 #153) ; Improved the TextBuffer's doc
bd4990e New method: BaseMenu#setItem() ([Snyk] Security upgrade electron from 8.5.2 to 13.6.2 #150)
a18a210 Add the Element#show() and Element#hide() methods, fixing the missing API ([Snyk] Upgrade: @babel/core, @babel/runtime #151)
188a875 Fix Bump tinymce from 5.6.0 to 5.10.0 in /ElectronClient #147 (ANSI parser bug)
7efe12d Document model: better handling of middle and right click, and now Button are sensible to all 3 clicks
a69704d New: DropDownMenu#setDropDownItem()
7d656eb Document model: new 'blinked' event emitted by Button, re-emitted by all *Menu* widget ; DropDownMenu now have the option 'clearColumnMenuOnSubmit' (boolean) that clear the drop down column menu on submit (on 'submit' then and once 'blinked')
cbbca24 Button: submitOnce option
0a7be4e Button: fixed more .setContent() bugs
998bcee Button: fixed some .setContent() bugs
6c901d6 Button: fixed some .setContent() bugs
83df58b Button: fixed some .setContent() bugs
32c50f3 Fix Linux Console default BG color
b46bbbc wip
3988474 wip: per-status button content in ColumnMenu (but I'm not sure if it will be finished, to complicated with pagination)
2b3067b wip: button with per-status content
d909f6e Markup: add special reset that also reset forced attr (document-model) ([Snyk] Security upgrade tinymce from 5.6.0 to 5.9.0 #144)
a57ad61 wip