Skip to content

[Snyk] Fix for 1 vulnerabilities#12

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-593261b76b9cb416add45104b726a3f0
Open

[Snyk] Fix for 1 vulnerabilities#12
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-593261b76b9cb416add45104b726a3f0

Conversation

@snyk-bot

Copy link
Copy Markdown

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp The new version differs by 134 commits.
  • 55eb23a Release: 4.0.0
  • 173a532 Docs: Fix the installation instructions
  • ec54d09 Docs: Improve note about out-of-date docs
  • 03b7c98 Docs: Update recipes to install gulp@next
  • 2eba29e Docs: Remove run-sequence from recipes
  • 76eb4d6 Docs: Add installation instructions & update badges
  • fbc162f Docs: Remove references to gulp-util
  • 3011cf9 Scaffold: Normalize repository
  • f27be05 Update: Remove graceful-fs from test suite
  • 361ab63 Upgrade: Update glob-watcher
  • 064d100 Build: Avoid broken node 9
  • 057df59 Release: 4.0.0-alpha.3
  • c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
  • 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
  • 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
  • 723cbc4 Docs: Fix syntax in recipe example (#1715)
  • d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
  • 29ece6f Upgrade: Update undertaker
  • e931cb0 Docs: Fix changelog typos (#1696)
  • 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
  • d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
  • 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
  • 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
  • c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-imagemin The new version differs by 35 commits.

See the full diff

Package name: gulp-jscs The new version differs by 4 commits.

See the full diff

Package name: gulp-ng-annotate The new version differs by 7 commits.

See the full diff

Package name: gulp-sass The new version differs by 65 commits.
  • ee03918 Merge pull request #254 from dlmanning/2.x
  • 598d16f Merge pull request #248 from Snugug/feature/contributing
  • dec985f Merge pull request #253 from Snugug/feature/3.0-bump
  • c033adf ⬆️ Update Node Sass to 3.0
  • 083e6bc 🔥 Remove reference to branch
  • e072993 🔥 Remove Branching Model section
  • ee07858 🎨 Update formatting of CHANGELOG entry
  • 299c18f 📝 Add Contributing guidelines
  • 33aa1f7 Merge pull request #238 from sarenji/2.x
  • 2b21a49 Update to node-sass beta 7
  • c1d629c Allow you to change the compiler and expose it
  • cc2f815 bump node-sass to 3.0.0-beta.4
  • 9b69aaa Merge pull request #228 from Snugug/2.x-datastream
  • b7ade97 Indented Syntax support
  • ad6e6e4 Tests for file rename and file contents change
  • 0fefd16 Updated vars and includePaths based on comments
  • 700ca8d Merge pull request #222 from Keats/filename
  • 5b8d4eb Nope, shouldn't be , should be file name
  • 4c4c3c1 A little bit of source map massaging
  • bea198e Updated Tests
  • 3cdf1a3 Passing file as data
  • 5c7777f Rebase on top of 2.x
  • de6af93 Add a sass file to the inheritance test
  • 25ee16f Replace indent.sass to match an existing issue

See the full diff

Package name: wiredep The new version differs by 32 commits.
  • e44d2c9 3.0.1
  • 505fbcd update safe main deps
  • eab46b8 3.0.0
  • 0f5e9b4 Merge pull request #223 from danielsiwiec/master
  • c84c057 Fix a problem with CLI -b argument misbehaving
  • 5339a49 Merge pull request #206 from ahmednuaman/patch-1
  • 1dde839 updated readme to make it clearer than an override can be an array
  • de70dc7 create empty dir
  • 4192963 3.0.0-beta
  • 6fb88e0 continue processing if main file not found - thanks @ george-aprozeanu
  • 02b7410 remove eliteDependencies & magic path detection behavior
  • 571d469 Merge pull request #147 from surgeforward/default-html-type
  • 52bfcab Merge pull request #174 from tubia/patch-1
  • 4091161 Update readme.md
  • 958bccd Merge pull request #188 from rogerbraun/patch-1
  • 3d69ea1 Make it explicit what wiredep does.
  • 5240d50 Merge pull request #186 from pgilad/patch-1
  • b3ac023 update license attribute
  • a1a63ad Update Bower Overrides explanation
  • db78c86 Dealing with Bower package shortcomings
  • 5792887 Restore permissions.
  • 4d8a6a3 Merge branch 'master' into default-html-type
  • 48fb10d Undo tests.
  • f3dacdc Fix borked test.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant