[Snyk] Fix for 13 vulnerabilities

Open deavial opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 242 commits.

80b8d5d 5.5.0
b68e403 Build: changelog update for 5.5.0
6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
5103ee7 Docs: Add Brackets integration (#10813)
b61d2cd Update: max-params to only highlight function header (#10815)
2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
2824d43 Docs: fix comment placement in a code example (#10799)
10690b7 Upgrade: devdeps and deps to latest (#10622)
80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
cb946af Chore: use meta.messages in some rules (1/4) (#10764)
a857cd9 5.4.0
8dee250 Build: changelog update for 5.4.0
a70909f Docs: Add jscs-dev.github.io links (#10771)
034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
985567d Chore: rm unused dep string.prototype.matchall (#10756)
f3d8454 Update: Improve no-extra-parens error message (#10748)
562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
137140f Chore: use eslintrc overrides (#10677)
2af6f4f 5.3.0
11e70c7 Build: changelog update for 5.3.0
dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: gulp

The new version differs by 134 commits.

55eb23a Release: 4.0.0
173a532 Docs: Fix the installation instructions
ec54d09 Docs: Improve note about out-of-date docs
03b7c98 Docs: Update recipes to install gulp@next
2eba29e Docs: Remove run-sequence from recipes
76eb4d6 Docs: Add installation instructions & update badges
fbc162f Docs: Remove references to gulp-util
3011cf9 Scaffold: Normalize repository
f27be05 Update: Remove graceful-fs from test suite
361ab63 Upgrade: Update glob-watcher
064d100 Build: Avoid broken node 9
057df59 Release: 4.0.0-alpha.3
c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
89acc5c Docs: Improve ES2015 task exporting examples (#1999)
0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
723cbc4 Docs: Fix syntax in recipe example (#1715)
d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
29ece6f Upgrade: Update undertaker
e931cb0 Docs: Fix changelog typos (#1696)
477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-nuget-pack

The new version differs by 6 commits.

89d5f1c v0.1.0
b0ad29e Upgrade gulp to v4 (#4 from apneer/fixvulnerab)
dc88e22 move to deps
ab3e7a9 Merge branch 'fixvulnerab' of github.com:apneer/gulp-nuget-pack into fixvulnerab
7bed36d Update gulp to remove vulnerabilities; remove deprecated gulp-util
8b3ac7e Upgrade gulp to v4 to fix vulnerabilites in minimatch; remove gulp-util that is deprecated

See the full diff

Package name: gulp-sequence

The new version differs by 1 commits.

c2067a8 update dependencies, remove gulp-util, as #12

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution

This change is

Nov 27 '23 14:11 deavial