Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #65

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

saurabharch
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-LODASH-6139239
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp The new version differs by 134 commits.
  • 55eb23a Release: 4.0.0
  • 173a532 Docs: Fix the installation instructions
  • ec54d09 Docs: Improve note about out-of-date docs
  • 03b7c98 Docs: Update recipes to install gulp@next
  • 2eba29e Docs: Remove run-sequence from recipes
  • 76eb4d6 Docs: Add installation instructions & update badges
  • fbc162f Docs: Remove references to gulp-util
  • 3011cf9 Scaffold: Normalize repository
  • f27be05 Update: Remove graceful-fs from test suite
  • 361ab63 Upgrade: Update glob-watcher
  • 064d100 Build: Avoid broken node 9
  • 057df59 Release: 4.0.0-alpha.3
  • c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
  • 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
  • 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
  • 723cbc4 Docs: Fix syntax in recipe example (#1715)
  • d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
  • 29ece6f Upgrade: Update undertaker
  • e931cb0 Docs: Fix changelog typos (#1696)
  • 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
  • d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
  • 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
  • 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
  • c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-babel The new version differs by 3 commits.

See the full diff

Package name: gulp-eslint The new version differs by 52 commits.
  • 639e388 2.0.0
  • 55f0c29 Update ESLint dependency;
  • c11bba6 Remove rules that have been removed in ESLint@2.0.0-rc.0;
  • 7f01da7 2.0.0-rc-3
  • 5851668 Rename .eslintrc to .eslintrc.yml;
  • e7ba0f2 2.0.0-rc-2
  • 90841cb Tighten various test case configs;
  • 3536eeb Update changeling;
  • cbe6731 2.0.0-rc-1
  • dcdfff7 Update to ESLint next/2.0.0-rc-* dependency;
  • 7f190a6 Fix listing error;
  • adf2180 Fix path in comment
  • 9378eef Simplify the cached-lint watch.js example;
  • 6def722 Merge pull request #121 from 5im0n/update-readme
  • 67fcd75 Update eslint.results in README.md
  • 328cba9 1.1.1
  • ce6125b Migrate baseConfig options before others options;
  • e3b7d1e Merge pull request #119 from ReadmeCritic/master
  • 7146108 Missing anchor
  • 3894f01 Update README URLs based on HTTP redirects
  • b00c579 1.1.0
  • 005862d 1.0.0
  • 4cb6145 Update tests to avoid a regression in ESLint's source-fixer;
  • 7e8c826 Update README to include API updates;

See the full diff

Package name: gulp-istanbul The new version differs by 40 commits.
  • 502855e 1.1.2
  • ac8f966 Add documentation for reportOpts and watermarks (#121)
  • be326d1 Update README.md to warn about gulp-mocha (#120)
  • b0149ac fix(package): update istanbul-threshold-checker to version 0.2.1 (#112)
  • 7ec737a chore(package): update dependencies (#110)
  • b047c82 Update .travis.yml
  • a8dd45e 1.1.1
  • 18ed282 Fix override default reporters (#101)
  • 5aefe19 1.1.0
  • 081c841 Bump dependencies
  • eef2bb3 Update travis covered versions
  • e94f537 Allow passing deep options to the instrumenter. Fix #79
  • d93e057 → Fix common cross-platform issue with file path normalization. (#86)
  • d34854f Commented "supports es6" on isparta instrumenter (#97)
  • 200153d 1.0.0
  • 8a07dbe gulp-sourcemap support (#94)
  • 99432aa Merge pull request #91 from nimrod-becker/master
  • 5e79eb4 Remove opts.resolveAbsolutePaths option, simply don't path.resolve
  • 27be6aa Provide an option to skip path resolution
  • 293cf78 Update documentation Fix #89
  • 5e01abf 0.10.4
  • e9a92b9 Merge pull request #84 from pine613/feature/lodash_v4
  • e012202 Upgrade lodash from v3.x to v4.x
  • 3177d2d 0.10.3

See the full diff

Package name: gulp-sass The new version differs by 65 commits.
  • ee03918 Merge pull request #254 from dlmanning/2.x
  • 598d16f Merge pull request #248 from Snugug/feature/contributing
  • dec985f Merge pull request #253 from Snugug/feature/3.0-bump
  • c033adf ⬆️ Update Node Sass to 3.0
  • 083e6bc 🔥 Remove reference to branch
  • e072993 🔥 Remove Branching Model section
  • ee07858 🎨 Update formatting of CHANGELOG entry
  • 299c18f 📝 Add Contributing guidelines
  • 33aa1f7 Merge pull request #238 from sarenji/2.x
  • 2b21a49 Update to node-sass beta 7
  • c1d629c Allow you to change the compiler and expose it
  • cc2f815 bump node-sass to 3.0.0-beta.4
  • 9b69aaa Merge pull request #228 from Snugug/2.x-datastream
  • b7ade97 Indented Syntax support
  • ad6e6e4 Tests for file rename and file contents change
  • 0fefd16 Updated vars and includePaths based on comments
  • 700ca8d Merge pull request #222 from Keats/filename
  • 5b8d4eb Nope, shouldn't be , should be file name
  • 4c4c3c1 A little bit of source map massaging
  • bea198e Updated Tests
  • 3cdf1a3 Passing file as data
  • 5c7777f Rebase on top of 2.x
  • de6af93 Add a sass file to the inheritance test
  • 25ee16f Replace indent.sass to match an existing issue

See the full diff

Package name: karma The new version differs by 250 commits.
  • db41e8e chore: release v2.0.0
  • 0a1a8ef chore: update contributors
  • 1afcb09 chore: add yarn.lock
  • f64e1e0 Merge pull request #2899 from outsideris/fix-bad-url-in-stacktrace
  • 78ad12f refactor(server): move compile step to first run
  • 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
  • b53929a Merge pull request #2712 from macjohnny/patch-1
  • c9e1ca9 feat: better string representation of errors
  • 10fac07 Merge pull request #2885 from karma-runner/prep-2
  • 00e3f88 chore: remove yarn.lock for now
  • 60dfc5c feat: drop core-js and babel where possible
  • 0e1907d test: improve linting and fix test on node 4
  • af0efda test(e2e): update cucumber step definitions
  • c3ccc5d chore(ci): focus on even node versions
  • bf25094 chore(deps): update to latest
  • d93cc5f docs(config): Document port collision scenario.
  • 871d46f feat(launcher): trim whitespace in browser name
  • 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 7bd54ed Merge pull request #2890 from reda-alaoui/patch-1
  • 91e916a docs(config): Document port collision scenario.
  • 334f9fb feat(launcher): trim whitespace in browser name
  • e23c0d4 Merge pull request #2837 from JakeChampion/logs
  • a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 6d353dc docs: improve comments in config.tpl.*

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants