Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade grunt-contrib-less from 0.12.0 to 1.0.0 #111

Open
wants to merge 1 commit into
base: 2.0
Choose a base branch
from
Open

[Snyk] Security upgrade grunt-contrib-less from 0.12.0 to 1.0.0 #111

wants to merge 1 commit into from

Conversation

adamlaska
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-QS-3153490		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt-contrib-less The new version differs by 17 commits.
  • 14c6106 1.0.0
  • 59861bf Merge pull request #222 from gruntjs/v2
  • 4b4d523 Update appveyor.yml.
  • 545ea43 remove maxmin and the report option
  • 55cffac Upgrade to v2
  • 1aacefa Merge pull request #226 from gruntjs/appveyor
  • a845bc4 Tweak AppVeyor testing.
  • 7d4a14d Update to grunt-contrib-interal v0.4.11.
  • f9bcc1b Merge pull request #225 from gruntjs/jshint
  • 3e0ada7 Add `jshint` in test target.
  • 19b09f0 Tweak JSHint options.
  • dfcf49b Merge pull request #223 from Cyberitas/master
  • 0984c78 Fixed issue where source map filename was always required, even when parsing multiple files
  • 7192b05 Merge pull request #217 from XhmikosR/deps
  • 034d5fd Update all dependencies.
  • e2fdb85 Merge pull request #218 from XhmikosR/readme
  • 514f716 Update README.md.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
2360e1a 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-3153490
@google-cla
Copy link

google-cla bot commented Dec 5, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@adamlaska adamlaska mentioned this pull request Apr 22, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamlaska @snyk-bot