[Snyk] Fix for 18 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • website/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	464/1000 Why? Has a fix available, CVSS 5	Cross-site Scripting (XSS) SNYK-JS-HEXO-1932976	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Cross-site Scripting (XSS) SNYK-JS-STRIPTAGS-1312310	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hexo

The new version differs by 250 commits.

• c749815 Hexo 6.0.0 (Bump tough-cookie from 4.1.2 to 4.1.3 transloadit/uppy#4750)
• 5977928 chore: bump actions/stale from 3 to 4 (Upgrading today from "@sveltejs/kit": "1.30.0" to "@sveltejs/kit": "2.0.0" I'm getting a warning transloadit/uppy#4828)
• 8ac908a Cleanup dependabot (fix clean script transloadit/uppy#4820)
• 11b145c Switch to picocolors (@uppy/dashboard: fix TypeError when file.remote is nullish transloadit/uppy#4825)
• 3ed6fd9 fix(post): escape swig full tag with args (@uppy/core: resolve some (breaking) TODOs transloadit/uppy#4824)
• 902cd70 chore: bump sinon from 11.1.2 to 12.0.1 (Migrate to AWS-SDK V3 syntax transloadit/uppy#4810)
• 0c6380c refactor: native Array.flat() (@uppy/utils: fix import in test files transloadit/uppy#4806)
• ed0f239 perf(tag/helper): memoize (Revert "@uppy/react: add useUppyState (#4711)" transloadit/uppy#4789)
• 2ec4f63 chore: bump eslint from 7.32.0 to 8.0.0 (Fix onBeforeFileAdded with Golden Retriever transloadit/uppy#4799)
• 0f534b2 chore: bump hexo-log from 2.0.0 to 3.0.0 (upload complete event missing files after retry with aws-s3 multipart transloadit/uppy#4794)
• 098cf0a perf(external_link): optimize regexp (Release: uppy@3.19.1 transloadit/uppy#4790)
• 02cbfe3 fix(processor): remove race condition failsafe (Undefined "uploadRemoteFile" when using RemoteSources transloadit/uppy#4791)
• 9edbc99 fix(#4780): empty tag name correction (meta: improve js2ts script transloadit/uppy#4786)
• b56ba65 refactor/perf: use nanocolors (fix(@uppy/dashboard): fix wrong option type in index.d.ts transloadit/uppy#4788)
• b3bd7d4 chore: bump husky from 4.3.8 to 7.0.2 (dynamic S3 bucket doesnt work with Google Drive provider transloadit/uppy#4763)
• 9c9b2a5 fix(#4780): curly brackets (meta: fix build of TypeScript plugins transloadit/uppy#4784)
• a342422 perf: overall improvements (@uppy/react's new useUppyState breaking support for React 16/17? transloadit/uppy#4783)
• 6f702fc feat: load hexo plugin in the theme's package.json (don't cancel all files when clicking "done" transloadit/uppy#4771)
• a2ec6b2 feat(open_graph): different URLs for og:image and twitter:image (@uppy/aws-s3-multipart: fix TypeError transloadit/uppy#4748)
• 0c979bf refactor(post): use state machine to escape swig tag (#4780)
• 67fc844 doc: add homebrew install (Check dimensions when user select a file transloadit/uppy#4724)
• 6164db1 chore: bump sinon from 10.0.1 to 11.1.2 (@uppy/dashboard does not provide an export named 'Dashboard' rails 7.1 transloadit/uppy#4747)
• c18d575 chore: bump mocha from 8.4.0 to 9.1.1 (@uppy/transloadit: always create one assembly instead of determining per file transloadit/uppy#4765)
• bb61f15 chore: drop Node 10 (@uppy/locales: use TypeScript for source files transloadit/uppy#4779)

See the full diff

Package name: hexo-renderer-ejs

The new version differs by 38 commits.

• 8dd9fda V2 ([Snyk] Fix for 1 vulnerabilities #45)
• deabc8b chore(deps-dev): bump eslint from 7.32.0 to 8.1.0 ([Snyk] Fix for 1 vulnerabilities #49)
• 5af7160 chore(deps-dev): bump mocha from 8.4.0 to 9.1.0 ([Snyk] Fix for 1 vulnerabilities #44)
• 6beb035 Drop node 10 ([Snyk] Fix for 1 vulnerabilities #46)
• 81c9307 Upgrade to GitHub-native Dependabot ([Snyk] Fix for 1 vulnerabilities #39)
• 09cb553 chore(deps-dev): bump mocha from 7.2.0 to 8.0.1 ([Snyk] Fix for 1 vulnerabilities #38)
• ddacbfd chore(deps-dev): bump eslint from 6.8.0 to 7.0.0 ([Snyk] Fix for 1 vulnerabilities #37)
• 8c2415d chore(deps-dev): bump hexo-fs from 2.0.0 to 3.0.1 ([Snyk] Fix for 1 vulnerabilities #35)
• 0b24ab5 chore(deps-dev): bump mocha from 6.2.3 to 7.1.2 ([Snyk] Fix for 1 vulnerabilities #36)
• 5ab0f81 chore(deps-dev): bump nyc from 14.1.1 to 15.0.0 ([Snyk] Fix for 1 vulnerabilities #29)
• 80c3ef3 chore(deps-dev): bump eslint-config-hexo from 3.0.0 to 4.0.0 ([Snyk] Fix for 1 vulnerabilities #28)
• cc5e1b6 chore(deps): bump ejs from 2.7.4 to 3.0.1 ([Snyk] Fix for 1 vulnerabilities #26)
• 2f17874 test: update to new include syntax ([Snyk] Fix for 1 vulnerabilities #27)
• 40dd2ce Merge pull request [Snyk] Fix for 1 vulnerabilities #24 from curbengh/1.0.0
• 993f912 Merge pull request [Snyk] Fix for 1 vulnerabilities #25 from hexojs/dependabot/npm_and_yarn/hexo-fs-tw-2.0.0
• 835bf57 chore(deps-dev): update hexo-fs requirement from ^1.0.0 to ^2.0.0
• 54fb943 docs(readme): add npmjs link ([Snyk] Fix for 1 vulnerabilities #23)
• 2ae8360 release: 1.0.0
• 50c43fb test: replace istanbul with nyc ([Snyk] Fix for 1 vulnerabilities #21)
• 105d010 chore(deps-dev): update eslint requirement from ^5.8.0 to ^6.0.1 ([Snyk] Fix for 1 vulnerabilities #19)
• a3a3730 chore: drop node 6 ([Snyk] Fix for 1 vulnerabilities #20)
• 4b32f7c chore: specify files ([Snyk] Fix for 1 vulnerabilities #22)
• 7e98c2d chore(deps-dev): update mocha requirement from ^5.2.0 to ^6.0.2 ([Snyk] Security upgrade ecstatic from 3.3.2 to 4.1.4 #17)
• ce33ee8 Merge pull request [Snyk] Fix for 2 vulnerabilities #14 from hexojs/dependabot/npm_and_yarn/mocha-tw-5.2.0

See the full diff

Package name: hexo-renderer-marked

The new version differs by 177 commits.

• 4304601 chore: bump version from 4.1.0 to 5.0.0 ([Snyk] Security upgrade @uppy/companion from 0.17.5 to 5.1.1 #220)
• 9c48448 chore(deps): bump marked from 3.0.8 to 4.0.1 ([Snyk] Fix for 23 vulnerabilities #214)
• 20e9d00 chore(deps-dev): bump eslint-config-hexo from 4.2.0 to 5.0.0 ([Snyk] Security upgrade express from 4.17.1 to 4.20.0 #219)
• 568e5e9 refactor: call parent class url tokenizer method ([Snyk] Security upgrade express from 4.17.1 to 4.21.0 #218)
• 76ee3bc chore(deps-dev): bump hexo from 5.4.0 to 6.0.0 ([Snyk] Fix for 4 vulnerabilities #217)
• 4bc71b4 chore(deps): bump jsdom from 18.1.1 to 19.0.0 ([Snyk] Fix for 9 vulnerabilities #215)
• ae51afc chore(deps-dev): bump eslint from 7.32.0 to 8.0.0 ([Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 #211)
• 3bcb483 chore(deps): bump jsdom from 17.0.0 to 18.0.0 ([Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 #212)
• 36b1c14 Explain security risk of using this plugin ([Snyk] Security upgrade hexo from 3.8.0 to 5.0.0 #210)
• 8767792 chore(deps): bump marked from 2.1.3 to 3.0.4 ([Snyk] Security upgrade socket.io-client from 2.2.0 to 2.4.0 #208)
• 4f21623 Enable prependRoot by default ([Snyk] Security upgrade watchify from 3.11.1 to 4.0.0 #203)
• 62e6f7f chore(deps): bump jsdom from 16.7.0 to 17.0.0 ([Snyk] Upgrade preact from 8.2.9 to 8.5.3 #199)
• 6e2c6a5 Support node >=12 ([Snyk] Fix for 2 vulnerabilities #201)
• 669b057 chore: release v4.1.0 ([Snyk] Upgrade preact from 8.2.9 to 8.5.3 #198)
• 6f6a774 Add DOMPurify to sanitize HTML ([Snyk] Security upgrade hexo from 3.8.0 to 7.2.0 #196)
• d5df309 Support Node v16 ([Snyk] Security upgrade hexo-renderer-ejs from 0.3.1 to 2.0.0 #197)
• 9edadff chore(deps-dev): bump mocha from 8.4.0 to 9.0.3 ([Snyk] Security upgrade snyk from 1.299.0 to 1.996.0 #195)
• 6009a7e Upgrade to GitHub-native Dependabot ([Snyk] Security upgrade snyk from 1.299.0 to 1.685.0 #188)
• 2602b92 release: v4.0.0 ([Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #184)
• 57d9d8b chore: update build badge on README ([Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #185)
• 758e237 chore(deps): bump marked from 1.2.9 to 2.0.0 ([Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #183)
• 6141432 docs: fix small typo ([Snyk] Fix for 14 vulnerabilities #180)
• f9758c1 merge([Snyk] Security upgrade snyk from 1.299.0 to 1.685.0 #179): from sukkaw/descriptionLists into master
• cef1743 docs: descriptionLists option

See the full diff

Package name: hexo-server

The new version differs by 99 commits.

• 0ffb748 chore: bump version from 2.0.0 to 3.0.0 ([Snyk] Security upgrade snyk from 1.299.0 to 1.996.0 #195)
• 2f6e4b8 chore(docs): update badges ([Snyk] Security upgrade @uppy/companion from 0.17.5 to 4.13.1 #194)
• 9d582d6 refactor: use the WHATWG URL API instead of `url.format` ([Snyk] Security upgrade express from 4.17.1 to 4.19.2 #193)
• b79c72b chore(deps): bump mime from 2.5.2 to 3.0.0 ([Snyk] Security upgrade snyk from 1.299.0 to 1.685.0 #181)
• 00c2027 chore: drop nodejs 10.x ([Snyk] Security upgrade snyk from 1.299.0 to 1.996.0 #192)
• 6db91dc chore(deps-dev): bump sinon from 11.1.2 to 12.0.1 ([Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #183)
• 04dd7d6 chore(deps-dev): bump eslint from 8.1.0 to 8.5.0 ([Snyk] Security upgrade snyk from 1.299.0 to 1.996.0 #190)
• 799dd34 chore(deps-dev): bump hexo from 5.4.0 to 6.0.0 ([Snyk] Security upgrade expo from 32.0.6 to 50.0.0 #191)
• a253e04 chore(deps): bump open from 8.3.0 to 8.4.0 ([Snyk] Security upgrade snyk from 1.299.0 to 1.685.0 #179)
• bf2da7a Cleanup dependant config
• f33dc00 chore(deps-dev): bump mocha from 8.4.0 to 9.1.3 ([Snyk] Security upgrade watchify from 3.11.1 to 4.0.0 #176)
• 207ae51 chore(deps-dev): bump eslint from 7.32.0 to 8.1.0 ([Snyk] Security upgrade @uppy/companion from 0.17.5 to 4.0.0 #178)
• 27efa8d chore(deps-dev): bump sinon from 10.0.1 to 11.1.2 ([Snyk] Security upgrade snyk from 1.299.0 to 1.685.0 #167)
• 7adcfca Switch to picocolors ([Snyk] Security upgrade expo from 32.0.6 to 45.0.0 #177)
• ecb1a5d chore(deps): bump open from 8.2.1 to 8.3.0 ([Snyk] Security upgrade expo from 32.0.6 to 49.0.0 #172)
• 01ef59c refactor: replace chalk with nanocolors ([Snyk] Security upgrade hexo-filter-github-emojis from 2.1.0 to 3.0.0 #171)
• 6048415 feat: check if header has already been set ([Snyk] Fix for 1 vulnerabilities #49)
• 14f5592 chore(deps-dev): bump supertest from 5.0.0 to 6.1.3 ([Snyk] Fix for 2 vulnerabilities #147)
• c3294cf fix: send correct MIME for rss file ([Snyk] Fix for 1 vulnerabilities #145)
• cc1ff81 chore(deps): bump open from 7.4.2 to 8.0.9 ([Snyk] Security upgrade @uppy/companion from 0.17.5 to 4.0.0 #159)
• 5a786bd chore(deps-dev): bump sinon from 9.2.4 to 10.0.1 ([Snyk] Fix for 1 vulnerabilities #154)
• 95ec110 Upgrade to GitHub-native Dependabot ([Snyk] Security upgrade socket.io-client from 2.2.0 to 3.0.0 #157)
• 571d235 chore(deps-dev): bump supertest from 4.0.2 to 5.0.0 ([Snyk] Fix for 2 vulnerabilities #141)
• 5693469 Merge pull request [Snyk] Fix for 1 vulnerabilities #140 from curbengh/v2.0.0

See the full diff

Package name: hexo-util

The new version differs by 250 commits.

• f90fd44 Merge pull request [Snyk] Security upgrade hexo-renderer-ejs from 0.3.1 to 2.0.0 #197 from curbengh/2.0.0
• c5caf2c release: 2.0.0
• b990b8f refactor: drop Node.js 8 ([Snyk] Security upgrade expo from 32.0.6 to 50.0.0 #191)
• 20a3c1b Merge pull request [Snyk] Security upgrade hexo from 3.8.0 to 7.2.0 #196 from curbengh/sublang-highlight
• 022266f docs(highlight): warn 'autoDetect' usage
• 1f3e562 docs(highlight): 'sublanguage highlight' requirement
• efe1fec fix: avoid overriding Transform.destroy() method ([Snyk] Security upgrade snyk from 1.299.0 to 1.996.0 #195)
• 1b3aa01 chore(deps): bump highlight.js from 9.18.1 to 10.0.0 ([Snyk] Security upgrade snyk from 1.299.0 to 1.996.0 #192)
• 31f74a5 ci(travis): drop Node 8 and add Node 14 ([Snyk] Security upgrade express from 4.17.1 to 4.19.2 #193)
• 5b14fd2 chore(deps-dev): bump rewire from 4.0.1 to 5.0.0 ([Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #187)
• 48788a7 docs: add isExternalLink JSDoc ([Snyk] Security upgrade snyk from 1.299.0 to 1.996.0 #190)
• 595aaab Merge pull request [Snyk] Security upgrade expo from 32.0.6 to 33.0.0 #182 from YoshinoriN/1.9.0
• 2496d1f Merge pull request [Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #183 from SukkaW/fix-is-external-filter
• 771f8ba fix(prism): add strip_indent support ([Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #184)
• e81733c Merge pull request [Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #185 from YoshinoriN/add-release-drafter
• 24c4f37 chore: add release release-drafter
• 544a6f6 Merge pull request [Snyk] Security upgrade snyk from 1.299.0 to 1.518.0 #175 from curbengh/tocobj-child
• 38a0e5f fix(tocobj): parse permalink if no text
• 6f796aa fix(tocObj): return empty string
• 6b18598 fix(tocObj): skip permalink symbol
• 2a9a5ba perf(is_ecternal_link): absolute url detection
• 7e5633a fix(highlight): make highlight more robust ([Snyk] Security upgrade hexo-filter-github-emojis from 2.1.0 to 3.0.0 #171)
• 8615f15 refactor(toc_obj): simplify the code ([Snyk] Security upgrade snyk from 1.299.0 to 1.685.0 #181)
• 12bdb3a fix(is_external_link): handle invalid url

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (Newbie don't know how to use it... transloadit/uppy#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (Transloadit doesn't recive the meta from Uppy and metaFields from Dashboard transloadit/uppy#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (AWS-S3-Multipart Complete - InvalidPartOrder: The list of parts was not in ascending order. transloadit/uppy#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (Cannot pick local images/videos on React native transloadit/uppy#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 ([aws-s3-multipart] Expected a companionUrl option containing a Companion address. transloadit/uppy#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly (Fix end to end test failures on CI transloadit/uppy#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (Adding support for zoom integration with transloadit transloadit/uppy#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (Ability to specify endpoint per source transloadit/uppy#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (docs: auth setup instructions for Dropbox and Google Drive transloadit/uppy#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (companion: rename microsoft and google options to onedrive and drive respectively transloadit/uppy#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (tus: docs-deprecate autoRetry transloadit/uppy#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (companion: send custom headers to tus uploads transloadit/uppy#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (companion: a few dependency updates transloadit/uppy#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (Adds the ability to upload whole folders to dashboard transloadit/uppy#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (locales: add new strings for Chinese Simplified transloadit/uppy#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (aws-s3-multipart uploads without companion sometimes fail for large size files transloadit/uppy#2336)
• 59375fb chore(release): 4.0.8 [skip ci]
• 4734c82 🗜️ build [skip ci]

See the full diff

Package name: mkdirp

The new version differs by 4 commits.

• b2e7ba0 0.5.2
• c5b97d1 bump minimist to 1.2 to fix security issue
• f2003bb test: add v4 and v5 to travis
• b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: watchify

The new version differs by 9 commits.

• 7b27a3c 4.0.0
• 5d4842a bump deps (core: Fix thumbnails with transparent backgrounds, fixes #379 transloadit/uppy#380)
• b840f29 disable package-lock.json
• bae5e02 update chokidar and anymatch ( xhrupload: stop trying to upload if it stalled  transloadit/uppy#378)
• 3445775 ci: use github actions (thumbnails for images with transparent background look strange transloadit/uppy#379)
• f79e59f Change URLs from "Substack" (someones personal site & acc) to "browserify" (restore: Auto-clean old blobs from IndexedDB transloadit/uppy#369)
• bd2f677 ci: run on more node versions
• 563a90d Merge pull request Remove polyfills from uppy (whatwg-fetch, es6-promise) transloadit/uppy#367 from Trott/update-readme-badge
• bb2b429 chore: Fix Travis-CI badge in readme.markdown

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn