libreact
[Snyk] Fix for 2 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| | 661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gulp
The new version differs by 134 commits.
- 55eb23a Release: 4.0.0
- 173a532 Docs: Fix the installation instructions
- ec54d09 Docs: Improve note about out-of-date docs
- 03b7c98 Docs: Update recipes to install gulp@next
- 2eba29e Docs: Remove run-sequence from recipes
- 76eb4d6 Docs: Add installation instructions & update badges
- fbc162f Docs: Remove references to gulp-util
- 3011cf9 Scaffold: Normalize repository
- f27be05 Update: Remove graceful-fs from test suite
- 361ab63 Upgrade: Update glob-watcher
- 064d100 Build: Avoid broken node 9
- 057df59 Release: 4.0.0-alpha.3
- c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
- 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
- 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
- 723cbc4 Docs: Fix syntax in recipe example (#1715)
- d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
- 29ece6f Upgrade: Update undertaker
- e931cb0 Docs: Fix changelog typos (#1696)
- 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
- d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
- 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
- 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
- c3dbc10 Docs: Clarify incremental builds example (#1609)
Package name: semantic-release
The new version differs by 194 commits.
- 52238cb fix(deps): Require find-versions ^4.0.0 (#1722)
- af596a9 docs: semantic-release SVG logo (#1715) thanks @bromso
- 6c7e4be docs: add semantic-release-helm plugin (#1713)
- c177d4b docs: add semantic-release-pypi plugin (#1707)
- eb70823 docs: add semantic-release-license-plugin (#1701)
- 885d87a feat(docs): note that publish token is required (#1700)
- f8f8fbc fix: escape uri encoded symbols (#1697)
- c8d38b6 style: removed line breaks to align with xo rule (#1689)
- ca90b34 fix: mask secrets when characters get uri encoded
- 63fa143 docs(plugins): add listing for new plugin (#1686)
- 2bf3771 fix: use valid git credentials when multiple are provided (#1669)
- 77a75f0 fix: don't parse port as part of the path in repository URLs (#1671)
- d74ffef docs: add npm-deprecate-old-versions in plugins list (#1667)
- 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"
- b8fb35c feat: throw an Error if package.json has duplicate "repository" key (#1656)
- 18e35b2 docs: reorder default plugins list (#1650)
- e35e5bb docs(contributing): fix commit message examples (#1648)
- 311c465 docs(README): welcome @travi, add alumni section
- b4c5d0a fix: add logging for when ssh falls back to http (#1639)
- c982249 docs(contributing): typo fix (#1638)
- 9635f50 docs: improve github actions recipe on git plugin (#1626)
- d036a89 ci(docs): use actions/checkout@v2 (#1620)
- 9303d1d docs(resources.md): added more sematnic release article (#1610)
- b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.