AhMyth icon indicating copy to clipboard operation
AhMyth copied to clipboard

Published 20 hours ago verified publisher icon Morsmalleo

[Snyk] Fix for 2 vulnerabilities

Open Morsmalleo opened this issue 9 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • AhMyth-Server/app/node_modules/gulp/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: glob-watcher The new version differs by 4 commits.
  • b593a04 chore: Release 6.0.0 (#82)
  • c8aee92 chore: Normalize repository
  • 8b7eeef chore: Run prettier
  • cbb4b18 chore!: Normalize repository, dropping node <10.13 support (#76)

See the full diff

Package name: gulp-cli The new version differs by 19 commits.
  • e422eb1 chore: Release 3.0.0 (#248)
  • f495154 chore: Renamed prepublish script to manpage
  • affeda9 feat: Add deprecated warning for gulplog v1 messages (#266)
  • f06ff30 feat: Add versioned handler for gulp v5 (#265)
  • e16d675 feat: Support theming and translations via config files (#260)
  • 9a1d013 chore: Augment `task not found` error with helpful properties (#262)
  • e5c7983 chore!: Only allow js variants for `.gulp` config files (#261)
  • ed86da7 feat!: Upgrade to Liftoff v5 and avoid merging flags/config/env (#259)
  • 36f05d5 fix: Ensure the logger is wired up before running liftoff (#258)
  • 4fc66f6 chore: Revert options & yargs parser changes (#257)
  • c70ce34 chore: Move task list helper functions into the logTasks closure (#256)
  • cb03b9a chore!: Remove support for alpha versions of gulp 4 (#255)
  • f71effa chore: Add a test case for config file in current dir (#253)
  • 0a35a9e chore: Remove custom Windows tmpdir logic in test (#252)
  • 7aeee5d chore!: Remove `--verify` flag (#251)
  • 89a67e5 chore(test): Add test for Windows extended-length paths (#225)
  • 3544dc6 chore!: Normalize repository, dropping node <10.13 support (#239)
  • f0c6730 chore(docs): Updated interpret link to point to gulpjs location (#241)
  • da8241e Docs: Add install section to README (#216)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

Morsmalleo avatar May 13 '24 19:05 Morsmalleo