cmv-app icon indicating copy to clipboard operation
cmv-app copied to clipboard

Published 20 hours ago verified publisher icon cmv

[Snyk] Security upgrade stylelint from 13.13.1 to 16.1.0

Open tmcgee opened this issue 6 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: stylelint The new version differs by 250 commits.
  • 5882290 16.1.0
  • 6c4b64d Prepare 16.1.0 (#7415)
  • 566c422 Bump file-entry-cache from 7.0.2 to 8.0.0 (#7427)
  • 42bf8f8 Bump meow from 12.1.1 to 13.0.0 (#7426)
  • cb509a0 Fix `function-url-quotes` false positives for SCSS variable and `@` character (#7416)
  • e222352 Document benefits from TypeScript annotation (#7423)
  • 760a6f1 Fix `selector-pseudo-class-no-unknown` false positive for `:popover-open` (#7425)
  • 8ec6748 Add `ignore: ["keyframe-selectors"]` to `selector-disallowed-list` (#7417)
  • 548b221 Add missing changelog for PR #7366
  • 19ab06a Sort rules alphabetically in `docs/user-guide/rules.md` (#7422)
  • 0e8b1fd Bump rollup from 4.8.0 to 4.9.1 (#7414)
  • 0455938 Bump the csstools-parser group with 2 updates (#7411)
  • e03a0f9 Update stylelint-stylistic plugin link (#7419)
  • b92260f Bump @ csstools/selector-specificity from 3.0.0 to 3.0.1 (#7413)
  • 368e40f Bump the eslint group with 2 updates (#7412)
  • ef766cd Bump github/codeql-action from 2 to 3 (#7410)
  • b34a184 Document testing options in more detail in the v16 migration guide (#7407)
  • 7620c2c Fix `declaration-property-value-no-unknown` and other false positives for multiline SCSS interpolation (#7406)
  • d03def6 Add lightness-notation (#7366)
  • da7ce21 16.0.2
  • 303b3c9 Prepare 16.0.2 (#7386)
  • fbc6adf Bump rollup from 4.6.1 to 4.8.0 (#7394)
  • d4b12aa Bump np from 8.0.4 to 9.2.0 (#7391)
  • 0ec3df4 Bump the typescript group with 1 update (#7390)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

tmcgee avatar Dec 26 '23 14:12 tmcgee