airtng-laravel icon indicating copy to clipboard operation
airtng-laravel copied to clipboard

Published 20 hours ago verified publisher icon TwilioDevEd

[Snyk] Security upgrade laravel-elixir from 3.4.3 to 5.0.0

Open twilio-product-security opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: laravel-elixir The new version differs by 68 commits.
  • 2def8c9 v5.0.0
  • b0bfaf6 Merge pull request #434 from SethTompkins/master
  • 4442316 add cache and package cache browserify options keys by default
  • cc5cab9 Remove some duplication
  • f0491ba Remove gulp-phpspec plugin
  • 5fa4b86 Remove gulp-phpunit - closes #418
  • e2b2a0f Bump gulp-uglify
  • 1a26399 Ignore bang when asserting files exist - closes #429
  • 7881b51 Wrote a test for the scripts to test if my changes broke anything.
  • 589f56c Moved Uglify Config to the Config.js
  • a95c787 Add 4.2.1 notes
  • 419232a v4.2.1
  • 67a046c Merge branch 'parsnick-cssnano-safe'
  • f60df88 Merge branch 'cssnano-safe' of https://github.com/parsnick/elixir into parsnick-cssnano-safe
  • 857c338 Merge pull request #425 from hosmelq/master
  • 6266453 Do not apply unsafe optimisations in cssnano
  • ca8cff5 Only apply 'safe' optimisations in cssnano
  • 5477baf Merge pull request #417 from gaomd/patch-1
  • 9368b75 Fix section heading level in readme.md
  • 05ec9d3 Reference config properly - closes #404
  • 7e8b4c8 Fix comment
  • 5962e2a Merge pull request #373 from peterfox/feature/dynamic-view-path
  • 20c8527 Merge branch 'master' of github.com:laravel/elixir
  • 122c92a Merge pull request #375 from odbayar/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

twilio-product-security avatar Jun 20 '23 17:06 twilio-product-security