lejing-mall
lejing-mall copied to clipboard
Published
20 hours ago •
Weasley-J
Weasley-J
[Snyk] Fix for 14 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- lejing-web-frontend/lejing-manage/package.json
- lejing-web-frontend/lejing-manage/.snyk
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
484/1000 Why? Has a fix available, CVSS 5.4 |
Open Redirect SNYK-JS-GOT-2932019 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Improper Certificate Validation SNYK-JS-NODESASS-1059081 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884 |
Yes | No Known Exploit |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536528 |
Yes | No Known Exploit |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536531 |
Yes | No Known Exploit |
 |
410/1000 Why? Has a fix available, CVSS 3.7 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579147 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579152 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579155 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620 |
Yes | No Known Exploit |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Cross-site Scripting (XSS) npm:vue:20180802 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gulp
The new version differs by 134 commits.- 55eb23a Release: 4.0.0
- 173a532 Docs: Fix the installation instructions
- ec54d09 Docs: Improve note about out-of-date docs
- 03b7c98 Docs: Update recipes to install gulp@next
- 2eba29e Docs: Remove run-sequence from recipes
- 76eb4d6 Docs: Add installation instructions & update badges
- fbc162f Docs: Remove references to gulp-util
- 3011cf9 Scaffold: Normalize repository
- f27be05 Update: Remove graceful-fs from test suite
- 361ab63 Upgrade: Update glob-watcher
- 064d100 Build: Avoid broken node 9
- 057df59 Release: 4.0.0-alpha.3
- c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
- 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
- 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
- 723cbc4 Docs: Fix syntax in recipe example (#1715)
- d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
- 29ece6f Upgrade: Update undertaker
- e931cb0 Docs: Fix changelog typos (#1696)
- 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
- d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
- 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
- 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
- c3dbc10 Docs: Clarify incremental builds example (#1609)
Package name: node-sass
The new version differs by 90 commits.- 3b556c1 7.0.2
- c716359 Bump sass-graph@^4.0.1 (#3292)
- 24741b3 docs(readme): fix docpad plugin link
- 1523330 feat: Drop Node 12
- 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
- 1456114 build(deps): bump actions/upload-artifact from 2 to 3
- b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
- e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
- 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
- 29e2344 build(deps): bump actions/checkout from 2 to 3
- 85b0d22 build(deps): bump actions/setup-node from 2 to 3
- 3bb51da Use make-fetch-happen instead of request (#3193)
- adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
- 77d12f0 chore: disable Apline for Node 16/17 builds
- 308d533 ci: use Python 3 for Node 12
- c818907 ci: unpin actions/setup-node to v2
- 99242d7 7.0.1
- 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
- c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
- 918dcb3 Lint fix
- 0a21792 Set rejectUnauthorized to true by default (#3149)
- e80d4af chore: Drop EOL Node 15 (#3122)
- d753397 feat: Add Node 17 support (#3195)
- dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
With a Snyk patch:
| Severity | Priority Score (*) | Issue | Exploit Maturity |
|---|---|---|---|
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620 |
No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Open Redirect 🦉 Regular Expression Denial of Service (ReDoS) 🦉 More lessons are available in Snyk Learn
