[Snyk] Upgrade snyk from 1.372.0 to 1.391.1

[snyk-bot]

Snyk has created this PR to upgrade snyk from 1.372.0 to 1.391.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 32 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2020-09-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Remote Memory Exposure SNYK-JS-BL-608877	385/1000 Why? CVSS 7.7	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: snyk

• 1.391.1 - 2020-09-07
  

  1.391.1 (2020-09-07)

  Bug Fixes

  • mvnw incorrect execution path (6914f77)
• 1.391.0 - 2020-09-07
  

  1.391.0 (2020-09-07)

  Features

  • Adding '--platform' flag to 'snyk container' commands (83641ca)
• 1.390.0 - 2020-09-07
  

  1.390.0 (2020-09-07)

  Features

  • remove yarn2 support (210408e)
• 1.389.0 - 2020-09-04
  

  1.389.0 (2020-09-04)

  Features

  • exit code 3 for no detected projects (9151ff0)
• 1.388.0 - 2020-09-02
  

  1.388.0 (2020-09-02)

  Bug Fixes

  • remove new line to prevent bad spinner clearing (fade21a)

  Features

  • use snyk-gradle-plugin@3.6.2 that sends back project targetFile (5720a16)
• 1.387.1 - 2020-09-01
  

  1.387.1 (2020-09-01)

  Bug Fixes

  • pin broken needle dependency (7a04ad2)
• 1.387.0 - 2020-09-01
  

  1.387.0 (2020-09-01)

  Features

  • log detected orphaned gradle files + test (d323180)
  • return all files detected from find() (77d11ba)
  • return object with files from find-files (cbdbcd3)
  • use cli-interface with TargetFile in meta (53a90d4)
• 1.386.0 - 2020-08-28
  

  1.386.0 (2020-08-28)

  Features

  • handle empty package.json dependencies without error (a234c41)
• 1.385.2 - 2020-08-28
  

  1.385.2 (2020-08-28)

  Bug Fixes

  • ignore broken files during cpp scan (801535a)
• 1.385.1 - 2020-08-28
  

  1.385.1 (2020-08-28)

  Bug Fixes

  • test dependencies scan result type (a3438c0)
• 1.385.0 - 2020-08-26
• 1.384.0 - 2020-08-25
• 1.383.1 - 2020-08-25
• 1.383.0 - 2020-08-25
• 1.382.1 - 2020-08-25
• 1.382.0 - 2020-08-24
• 1.381.2 - 2020-08-23
• 1.381.1 - 2020-08-20
• 1.381.0 - 2020-08-20
• 1.380.0 - 2020-08-19
• 1.379.2 - 2020-08-19
• 1.379.1 - 2020-08-19
• 1.379.0 - 2020-08-19
• 1.378.0 - 2020-08-18
• 1.377.2 - 2020-08-18
• 1.377.1 - 2020-08-17
• 1.377.0 - 2020-08-17
• 1.376.0 - 2020-08-17
• 1.375.0 - 2020-08-17
• 1.374.0 - 2020-08-14
• 1.373.1 - 2020-08-12
• 1.373.0 - 2020-08-11
• 1.372.0 - 2020-08-10

from snyk GitHub release notes

Commit messages

Package name: snyk

• dae8ade Merge pull request ## [Codecov](https://app.codecov.io/gh/nodejs/node/pull/59571?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=nodejs) Report actions/setup-node#1391 from snyk/fix/snyk-mvn-plugin
• 6914f77 fix: mvnw incorrect execution path
• bcd6484 Merge pull request sudo apt update sudo apt install gh ti wallet-contract  actions/setup-node#1389 from snyk/feat/add-platform-flag-for-container-command
• f95b4bd Merge pull request Delete .eslintrc.js actions/setup-node#1376 from snyk/feat/remove-yarn-2-support-to-reenable-node-8
• 83641ca feat: Adding '--platform' flag to 'snyk container' commands
• 210408e feat: remove yarn2 support
• 4d30f5f Merge pull request Bug report actions/setup-node#1386 from snyk/feat/exit-code-for-no-projects
• 7c76be1 chore: update helptext with new exit code
• ed2aab1 test: mount empty fixture for Alpine smoke test
• 809a73f test: refactor & test exit codes
• 9151ff0 feat: exiut code 3 for no detected projects
• 945722f Merge pull request Bump @typescript-eslint/parser from 5.62.0 to 8.44.1 actions/setup-node#1383 from snyk/feat/bump-gradle-plugin
• fade21a fix: remove new line to prevent bad spinner clearing
• 5720a16 feat: use snyk-gradle-plugin@3.6.2 that sends back project targetFile
• 6b262ed Merge pull request be7591f> actions/setup-node#1380 from snyk/feat/smoke-test
• 53e40e5 chore: update monitor smoke test description
• 324d738 Merge pull request Remove redundant direct dependency 'jest-each' actions/setup-node#1379 from snyk/fix/pin-needle
• c470cec chore: add smoke test for monitor command
• 7a04ad2 fix: pin broken needle dependency
• a99ac29 Merge pull request Update setup-node action version from v5 to v4 actions/setup-node#1355 from snyk/feat/log-unprocessed-manifests
• 6e168de Merge pull request Bump @typescript-eslint/eslint-plugin from 5.62.0 to 8.44.0 actions/setup-node#1372 from snyk/feat/handle-empty-package-json
• a234c41 feat: handle empty package.json dependencies without error
• 2780cac chore: move getFileContents to a helper file
• d323180 feat: log detected orphaned gradle files + test

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[pull-assistant]

Best reviewed: commit by commit

---

Optimal code review plan

     fix: upgrade snyk from 1.372.0 to 1.391.1

Powered by Pull Assistant. Last update 037ea30 ... 037ea30. Read the comment docs.