[Snyk] Upgrade lockfile-lint from 4.7.6 to 4.10.1

[snyk-bot]

Snyk has created this PR to upgrade lockfile-lint from 4.7.6 to 4.10.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-02-13.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-JSON5-3182856	427/1000 Why? Proof of Concept exploit, CVSS 6.4	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	427/1000 Why? Proof of Concept exploit, CVSS 6.4	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: lockfile-lint

• 4.10.1 - 2023-02-13
  

  [email protected]

• 4.10.0 - 2022-12-26
  

  [email protected]

• 4.9.6 - 2022-10-08
  

  [email protected]

• 4.9.5 - 2022-09-30
  

  [email protected]

• 4.9.4 - 2022-09-27
  

  [email protected]

• 4.9.3 - 2022-09-26
• 4.9.2 - 2022-09-26
• 4.9.1 - 2022-09-26
• 4.9.0 - 2022-09-26
• 4.8.0 - 2022-08-10
• 4.7.7 - 2022-07-22
• 4.7.6 - 2022-07-02

from lockfile-lint GitHub release notes

Commit messages

Package name: lockfile-lint

• 969ed05 chore(release): publish
• 579bef2 docs: fix typo (How can we reduce 404's nodejs/nodejs.org#153)
• 3ae9b8c chore(release): publish
• d4cf64d feat: add support for yarn berry lockfiles (Rename repo to nodejs.org nodejs/nodejs.org#147)
• 144dc55 chore(release): publish
• 8f7e4c7 fix: cli parsing - handle correctly false value for validator (Made code spans more visible nodejs/nodejs.org#146)
• cb38c10 chore(release): publish
• a29d18b fix(integrity): rename command-line argument from `--validate-integrity-sha512` to `--validate-integrity` (/about/working-groups anchors don't work nodejs/nodejs.org#144)
• 6d689bd chore(release): publish
• c4180ef chore(repository): defined `repository.path` property in `package.json` (moved events into its own page due to the growing list nodejs/nodejs.org#142)
• aff1c57 chore(release): publish
• 5195357 chore: updating yarn.lock
• 1ae82a3 chore: upgrade cosmiconfig from 6.0.0 to 7.0.1 ([Snyk] Security upgrade @sentry/nextjs from 7.91.0 to 8.32.0 #118)
• 7f5f84e chore: upgrade object-hash from 2.2.0 to 3.0.0 ([Snyk] Security upgrade postcss-mixins from 9.0.4 to 11.0.0 #116)
• bc9ffec chore(release): publish
• ab2ee5d fix: too noisy error messages (asynchronously loading the webfont + caching it nodejs/nodejs.org#139)
• 5676d82 chore(release): publish
• a188cbe chore: update codecov action to v3 because v1 is deprecated (Add: Code + Learn page in Get Involved section nodejs/nodejs.org#140)
• d917218 chore(release): publish
• 46d0fa7 feat(validator): add new integrity hash type validator (Add category information to blogpost meta nodejs/nodejs.org#135)
• af23496 chore(release): publish
• 4667c3d feat: add format options for report output (Change date format on blog nodejs/nodejs.org#134)
• a69c63c chore(release): publish
• 48a93a2 docs: add references of lockfile injection (remove mailing list from discussion section in get-involved nodejs/nodejs.org#132)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs