Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #151

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #151

wants to merge 1 commit into from

Conversation

jonathan-fielding
Copy link
Collaborator

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp The new version differs by 250 commits.
  • 55eb23a Release: 4.0.0
  • 173a532 Docs: Fix the installation instructions
  • ec54d09 Docs: Improve note about out-of-date docs
  • 03b7c98 Docs: Update recipes to install gulp@next
  • 2eba29e Docs: Remove run-sequence from recipes
  • 76eb4d6 Docs: Add installation instructions & update badges
  • fbc162f Docs: Remove references to gulp-util
  • 3011cf9 Scaffold: Normalize repository
  • f27be05 Update: Remove graceful-fs from test suite
  • 361ab63 Upgrade: Update glob-watcher
  • 064d100 Build: Avoid broken node 9
  • 057df59 Release: 4.0.0-alpha.3
  • c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
  • 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
  • 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
  • 723cbc4 Docs: Fix syntax in recipe example (#1715)
  • d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
  • 29ece6f Upgrade: Update undertaker
  • e931cb0 Docs: Fix changelog typos (#1696)
  • 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
  • d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
  • 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
  • 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
  • c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-jshint The new version differs by 16 commits.

See the full diff

Package name: karma The new version differs by 227 commits.
  • e780c9d chore: release v0.13.12
  • 383c754 chore: update contributors
  • 2077fd8 Merge pull request #1644 from mstock/docs-jenkins
  • f5781db Merge pull request #1639 from karma-runner/greenkeeper-eslint-plugin-react-3.6.2
  • 7ddbe69 Merge pull request #1645 from karma-runner/greenkeeper-sinon-1.17.2
  • e1e1fb6 Merge pull request #1646 from Dignifiedquire/concurrent
  • ad18ce3 Merge pull request #1648 from FuzzySockets/page-reload-error
  • 033caad fix (client/karma): Set reloading context flag appropriately to avoid full page reload error
  • 1741deb feat(launcher): Add concurrency limit
  • 4ef0c64 chore(package): update sinon to version 1.17.2
  • e906797 docs(jenkins): Update Jenkins documentation
  • b138619 Merge pull request #1642 from nfl/bugfix/https-protocol
  • 142db90 fix(proxy): Pass protocol in target object to enable https requests
  • 935c63f chore(package): update eslint-plugin-react to version 3.6.2
  • 9aceea1 Merge pull request #1638 from karma-runner/greenkeeper-core-js-1.2.2
  • 731cfae chore(package): update core-js to version 1.2.2
  • 3c1369b Merge pull request #1629 from karma-runner/greenkeeper-update-all
  • 21054ab chore(package): update dependencies
  • 6443964 Merge pull request #1626 from DarthCharles/docs-public-api-spelling
  • bbc2c87 chore: Remove reverted commit from changelog
  • a8bcb90 docs: fix typos
  • fff0ed2 chore: release v0.13.11
  • 9508077 chore: update contributors
  • 40b7de6 Merge pull request #1592 from drgould/feature-restartOnFileChange

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: package.json to reduce vulnerabilities
ee6a71d 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonathan-fielding @snyk-bot