This repository has been archived by the owner on Jun 11, 2024. It is now read-only.

[Snyk] Fix for 1 vulnerabilities #96

Open: wants to merge 1 commit into base: master

snyk-bot (Contributor)

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-nodemon
The new version differs by 36 commits.
  • 7fcbc06 NPM audit. Closes #176.
  • 5100088 Merge pull request #174 from JacksonGariety/dependabot/npm_and_yarn/diff-3.5.0
  • 7c0c02e Merge pull request #173 from JacksonGariety/dependabot/npm_and_yarn/growl-1.10.5
  • fe95e64 Merge pull request #172 from JacksonGariety/dependabot/npm_and_yarn/mixin-deep-1.3.2
  • a8d4391 Merge pull request #171 from JacksonGariety/dependabot/npm_and_yarn/lodash-4.17.15
  • 3b01d33 Bump diff from 1.0.8 to 3.5.0
  • 5bd5530 Bump growl from 1.8.1 to 1.10.5
  • c5f4120 Bump mixin-deep from 1.3.1 to 1.3.2
  • f634d93 Bump lodash from 2.4.2 to 4.17.15
  • 028d498 Version bump
  • 5254572 Merge pull request #166 from spencerbeggs/master
  • ef52e08 Merge pull request #164 from aal89/master
  • 1916114 Removes event-stream module
  • 0002c45 Remove yarn.lock
  • 495afda Updates nodemon
  • 8c46ee1 Added lock file and updated gitignore to include to lock file
  • b7cd92d Updated nodemon dependency
  • 54f8778 Removed event-stream
  • 0e5bb86 Locked event-stream to v3.3.4
  • 8ae135f Upgrade depends to avoid flatmap-stream
  • b4234a3 Version bump
  • 033c27b Merge pull request #159 from bennyn/patch-1
  • 7ce2da0 Support Ctrl + C on Windows
  • 1a31fa2 Update nodemon. Remove (erroneously named) "test" folder.

Package name: nunjucks
The new version differs by 113 commits.
  • 53d1223 Release v3.2.1
  • 93129bf Replace yargs with commander
  • 17691da Chokidar bump
  • 40dfdf0 Remove dead link
  • cefb1cf Prevent optional dependency Chokidar from loading when not watching
  • 1485a44 Add badges in README.md
  • 2246457 Add Mozilla Code of Conduct file
  • ff5571c Release v3.2.0
  • f997a52 Add NodeResolveLoader
  • 34b0a26 Fix syntax typos in CONTRIBUTING.md
  • 55e0b7a Set dash as joiner element
  • c99154e Update faq.md
  • 1338712 Emit 'load' events on Loader and Environment instances
  • 057e7b3 Add test for line/column info in user-function exception
  • bcf38f3 Emit line and column info for functions
  • fbddcd5 lexer more accurately tracks token line and column information
  • 889ef80 Add nodejs versions 10 and 11 to CI, remove 6 and 9
  • b828158 Fix documentation typo
  • 1370361 v3.1.7
  • 0a65e1f Fixes for replace example
  • 2946fb4 Removed postinstall-build in favor of npm prepare script
  • 9fd5bdb Add link to Plugin syntax highlighting for VSCode
  • 68ba15c Fix bug where exceptions were silently swallowed with synchronous render
  • 7c187ac tests: fix issue running tests on node 10.x

Package name: snyk
The new version differs by 250 commits.
  • d7ebe15 Merge pull request #1093 from snyk/feat/bump-deps-to-use-patched-lodash
  • c359e05 feat: patching vulnerable lodash with @snyk/lodash
  • 39a5284 Merge pull request #1092 from snyk/fix/app-os-cli
  • 71ed530 fix: make sure branch exists
  • c8b4b8e Merge pull request #1090 from snyk/feat/app-os-cli
  • 4b969fd feat: adding target to container projects
  • fccaaae feat: bump docker-plugin to use new format
  • 2961d79 Merge pull request #1089 from snyk/feat/add-reachable-vulns-to-summary
  • 3487ca5 feat: add reachable vulns to the `snyk test` summary line
  • b1d0311 feat: include better user messages for reachable vuln
  • d4db5fe chore: add call graph size to analytics
  • 33fad1c Merge pull request #1079 from snyk/chore/upgrading-vuln-pkg
  • 8df372e fix: cli-server, fake-server and their tests now support Restify v8
  • b59f0b5 Merge pull request #1087 from snyk/feat/experimental-docker-archive
  • 5e627c6 feat: enable experimental docker-archive scanning
  • 3a383f0 Merge pull request #1085 from snyk/feat/update-opn-to-open
  • 1474223 feat: switch to use 'open' since 'opn' is deprecated
  • 0ca8676 Merge pull request #1086 from snyk/chore/fix-prettify
  • 9882190 chore: fix prettify for analytics.js
  • c728ada chore: lint
  • 1e0f0d2 chore: Update Restify to V8
  • 4836982 Merge pull request #1068 from snyk/feat/add-integration-name-to-analytics
  • 6316140 Merge pull request #1084 from snyk/fix/bump-ruby-semver
  • a3ea038 fix: bump ruby-semver to use min Node 8 instead of 10

Package name: standard
The new version differs by 250 commits.
  • 558df00 14.3.2
  • a8e318e Add changelog entry for 14.3.2
  • 133a4c9 Merge pull request #1492 from standard/eslint68
  • a2df23b Upgrade ESLint to 6.8.x
  • fb7e2a3 remove sponsor
  • ecda198 Update README.md
  • 4bc1671 Update README.md
  • e514626 add sponsor
  • 2b86c68 spacing
  • a702d2e Reposition CodeFund sponsorship link (#1446)
  • a28b5d0 Reposition CodeFund sponsorship link
  • 0f86fb9 Merge pull request #1445 from ZY2071/master
  • b4726d7 perf: Change the examples for rule 'No octal literals' .
  • 4bdaa2f perf: make the rule 'No octal literals' more specific.
  • f5d758e Update README-ja.md for d901c54 (#1435)
  • be249c3 Update README-ja.md for d901c54
  • cfb84fa Update README.md with working Typescript setup (#1434)
  • f4d3113 Update links to correct organization in README (#1433)
  • d901c54 Update README.md with working Typescript setup
  • 809e78a Update README-ja.md for 3e6b299 (#1432)
  • 91bc8fb Update README-ja.md for 3e6b299
  • 3e6b299 Update README.md
  • d5c7ded Add CodeFund sponsorship message to README (#1425)
  • c4f168e fix typo (#1423)


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
