parcel-plugin-prerender

[Snyk] Security upgrade htmlnano from 0.2.6 to 1.0.0

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 551/1000. Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-POSTCSS-1090595 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: htmlnano

The new version differs by 122 commits.
  • b8f0645 Update links to releases in CHANGELOG
  • 89311da Release 1.0.0
  • c50dfd0 Add 1.0.0 to CHANGELOG
  • 2814a46 Update minifySvg doc according to new SVGO@2
  • feffafe Update removeUnusedCss doc according to new PurgeCSS@4
  • 6c3f576 Upgrade dependencies
  • 3c8ccc8 Merge pull request #140 from pioug/svgo
  • e713841 Update svgo@2
  • 92d7a07 Merge pull request #139 from pioug/cssnano
  • 6838ace Merge pull request #138 from pioug/purgecss
  • 830721b Update cssnano@5
  • f05c780 Update purgecss@4
  • 3bd81bb Release 0.2.9
  • 003cfa7 Describe 0.2.9 version in CHANGELOG
  • d56b118 Adapt minifyJs to terser@5
  • 6a75933 Upgrade dependencies
  • ce0f119 Merge pull request #135 from posthtml/milestone-0.2.9
  • 554cc9e test: for type module
  • 66b3f9f perf: add type module
  • d951074 Remove tab chars from examples
  • 41b4e3f Merge pull request #130 from SukkaW/fix-129
  • b279d46 Fix: minify svg correctly (#129)
  • c40c99b Merge pull request #126 from SukkaW/perf-minifyjs
  • 59b6788 Perf: improve the performance of minifyJs

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

snyk-bot, Apr 18 '21 02:04