New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 6 vulnerabilities #59

Open

marxian wants to merge 1 commit into develop from snyk-fix-d6c5eca8543c5a771c18cd462762bf08

marxian commented Dec 3, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 81 commits.

0afeb5c 1.6.0
2805dc3 Merge pull request #1750 from gruntjs/dep-update-jan28
3f1e423 README updates
8fd096d Bump to 16
42c5f95 Update more deps
1d88050 Bump eslint and node version
82d79b8 1.5.3
572d79b Merge pull request #1745 from gruntjs/fix-copy-op
58016ff Patch up race condition in symlink copying.
0749e1d Merge pull request #1746 from JamieSlome/patch-1
69b7c50 Create SECURITY.md
ac667b2 1.5.2
7f15fd5 Update Changelog
b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
433f91b Clean up link handling
d5969ec 1.5.1
ad22608 Merge pull request #1742 from gruntjs/update-symlink-test
0652305 Fix symlink test
a7ab0a8 1.5.0
b2b2c2b Updated changelog
3eda6ae Merge pull request #1740 from gruntjs/update-deps-22-10
47d32de Update testing matrix
2e9161c More updates
04b960e Remove console log

See the full diff

Package name: grunt-cli

The new version differs by 5 commits.

2293dc5 1.4.0
bbc4400 Update changelog
3fa5bf6 Ignore package-lock
c271173 Update deps, switch to actions (#141)
84ebcb8 Bump deps, required node version and ci (#137)

See the full diff

Package name: grunt-contrib-concat

The new version differs by 8 commits.

9e0f72f 2.0.0
de2b0e9 Merge pull request #192 from gruntjs/release-2
2f2aeff Release docs
63a42a8 Merge pull request #191 from gruntjs/update-deps-oct
4c4fab8 Update CI
71d6edd Update dependencies
9054b14 Merge pull request #176 from alexjking/fix-browserify-sourcemap-regex
b1cf785 fix(sourcemap-regex): fix regex to match browserify sorucemap charset

See the full diff

Package name: grunt-contrib-cssmin

The new version differs by 9 commits.

3ff3635 v4.0.0.
a62ac0e package.json: switch to the caret operator for clean-css
f8b6a7b Adds "no rebase" test case.
5c05f6b Updates clean-css dependency to version 5.
83b0c2f Update all dependencies except clean-css
e6dc6f8 Bump lodash from 4.17.15 to 4.17.19 (#305)
efa725b Bump underscore.string from 3.3.4 to 3.3.5 (#303)
6d57138 Merge pull request #302 from gruntjs/dependabot/npm_and_yarn/lodash-4.17.15
866523c Bump lodash from 4.17.10 to 4.17.15

See the full diff

Package name: grunt-contrib-less

The new version differs by 8 commits.

8842e4f v2.1.0
51d03a3 Remove tabs
57256e0 Update more deps (#357)
e7a6d59 Remove extra tabs
25062cf Update more deps
b8785aa Switch to Github actions, update deps (#356)
94533ed Add a process option to the compiler (#349)
7e8057c Updating lodash patch 4.17.11 (#348)

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 20 commits.

a3f3f34 5.2.1
3c8d904 Update Readme
0850dcd update dependencies (#568)
c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
98b4c5f Fix documentation in relation to issue #565 (#566)
7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
e410511 Update deps, v5.1.0 (#564)
2cb31be Update uglify-js to v3.15.2 (#562)
12ca0f2 Fix wording in README.md (#560)
1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
0e4b1a0 Update uglify-js (#557)
9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
4e83e45 Update UglifyJS to 3.13.3 (#554)
8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
14b71da v5.0.0
9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
b7bcde4 Delete .travis.yml
cba2631 Delete appveyor.yml
3dc53f0 ini github workflow

See the full diff

Package name: handlebars

The new version differs by 52 commits.

7adc19a v4.7.4
9dd8d10 Update release notes
4671c4b Use tmp directory for files written during tests
e46baa1 tasks/test-bin.js: Delete duplicate test
c491b4e Revert "Update release-notes.md"
738391a Update release-notes.md
80c4516 chore: add unit tests for cli options (#1666)
d79212a fix: migrate from optimist to yargs (#1666)
b440c38 chore: ignore external @ types in tests
2dba7ee docs: fix comparison link
c978969 v4.7.3
9278f21 Update release notes
d78cc73 Fixes spelling and punctuation
4de51fe Add Type Definition for Handlebars.VERSION, Fixes #1647
a32d05f Include Type Definition for runtime.js in Package
ad63f51 chore: add missing "await" in aws-s3 publishing code
586e672 v4.7.2
f0c6c4c Update release notes
a4fd391 chore: execute saucelabs-task only if access-key exists
9d5aa36 fix: don't wrap helpers that are not functions
14ba3d0 v4.7.1
4cddfe7 Update release notes
f152dfc fix: fix log output in case of illegal property access
3c1e252 fix: log error for illegal property access only once per property

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution


          fix: package.json to reduce vulnerabilities

bd0cc0e

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet