[Snyk] Fix for 1 vulnerabilities #20

Open
wants to merge 1 commit into
base: master


snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: eslint The new version differs by 250 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: espree@7.0.0 (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: npm-bump The new version differs by 30 commits.
  • 87bc44b Tag 0.0.27
  • 7b5564a Fix spacing in commit messages
  • 4a28016 Drop Grunt
  • 06b4ee3 Format package.json as well
  • 73e873b Introduce Prettier
  • ff6c3d7 Bump to 0.0.27-pre
  • 374d03b Tag 0.0.26
  • e9f83ce Inquirer: OTP is not a confirm type
  • 84bd1fb Fix the prompt syntax
  • 01f3b3e Don't try to commit package-lock.json if untracked
  • 24607b1 OTP support
  • 0d26cb2 Add package-lock.json to .gitignore
  • f64aa10 Bump to 0.0.26-pre
  • 32a6dd6 Tag 0.0.25
  • 8d03e99 Modify package-lock.json as well if one exists
  • 20c88bd Bump to 0.0.25-pre
  • 303c197 Tag 0.0.24
  • 558e3da Exit with an error if releaseType not provided
  • 6302d39 Add usage instructions
  • b517ed6 Remove the unsupported suffix parameter
  • 6ec1017 Add back support for `npm-bump --version`
  • 9a1197e Introduce minimist to make it easier to add more options in the future
  • e9a4043 Allow to prefix the messages printed by npm-bump
  • 3cf04e1 Make the project more Windows-compatible

See the full diff

Package name: stylelint The new version differs by 250 commits.
  • c789336 Prepare 10.0.0
  • 70c63e0 Update CHANGELOG.md
  • 9b76cec Fix autofix for single-line comments within maps in value-keyword-case (#4019)
  • 49fa75f Update CHANGELOG.md
  • 6308199 Update CHANGELOG.md
  • 4ca75e7 Throw error on non-existent files unless allow-empty-input is enabled (#3965)
  • 5811b65 chore(package): update prettier to version 1.17.0 (#4025)
  • 7c8d769 Replace Node.js legacy API for URL parsing. Fixes #3803 (#4024)
  • 77c70b5 Update dependencies (#4013)
  • a8f93d6 fix(package): update micromatch to version 4.0.0 (#4015)
  • bfbf462 Update CHANGELOG.md
  • 9efd6f4 Remove `styled` and `jsx` syntax options (#4009)
  • 6ab5e1f Update CHANGELOG.md
  • 2b73704 Add ignore: ["comments"] to block-no-empty (#4008)
  • b6f3057 Update CHANGELOG.md
  • 81f4139 Drop Node.js 6 support (#4006)
  • b4dc965 Fix documentation typos and mistakes (#3922)
  • d66354d Update CHANGELOG.md
  • 4ec7170 Fix false negatives for `isStandardSyntaxDeclaration` (#3933)
  • a174409 fix(package): update string-width to version 4.0.0 (#3991)
  • bdd3685 Update CHANGELOG.md
  • e92d5e0 Fix false positives for negative numbers in function-calc-no-invalid (#3921)
  • 59681a0 Update CHANGELOG.md
  • 35c3f5a Apply rule in the order defined in `lib/rules/index.js` (#3923)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 213226e 4.0.0
  • fde0183 Merge pull request #6081 from webpack/formating/prettier
  • b6396e7 update stats
  • f32bd41 fix linting
  • 5238159 run prettier on existing code
  • 518d1e0 replace js-beautify with prettier
  • 4c25bfb 4.0.0-beta.3
  • dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
  • 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
  • c7eb895 Merge pull request #6452 from webpack/update_acorn
  • 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
  • e52f323 optimize performance of assignDepth
  • 6bf5df5 Fixed template.md
  • 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
  • b0949cb add integration test for spread operator
  • 39438c7 unittest now also walks the ast
  • 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
  • 1611ce1 Merge pull request #6561 from joshunger/patch-1
  • 6e175bc Merge pull request #6549 from webpack/md4_hash
  • 0637531 Add a hyperlink to create a new issue
  • 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
  • 72477f4 upgrade versions to stable versions
  • ed30285 Merge pull request #6546 from webpack/bot/review-permission
  • 40ee8c7 Use MD4 for hashing

See the full diff

Package name: webpack-hot-middleware The new version differs by 106 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Successfully merging this pull request may close these issues.

Code under example folder do not work.