cmv-app
cmv-app copied to clipboard
[Snyk] Security upgrade stylelint from 13.13.1 to 14.0.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
589/1000 Why? Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-1585622 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: stylelint
The new version differs by 219 commits.- 060310c 14.0.0
- ff4a1ef Prepare CHANGELOG
- 8d2f6e1 Bump postcss (#5619)
- f552608 Merge pull request #5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
- 7ed17ad Bump husky from 7.0.2 to 7.0.4
- 4d9f75e Merge pull request #5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
- bc9dd0b Bump jest from 27.2.5 to 27.3.1
- 82e2507 Merge pull request #5604 from stylelint/v14
- 16d259f Update CHANGELOG.md
- 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (#5613)
- 8dca498 Show more info in missing customSyntax warning (#5611)
- 2eee0a9 Remove v14 CI triggers (#5610)
- 12f8081 14.0.0-0
- 5dd7ec1 Prepare 14.0.0
- 67313a3 Add support for `extends` in `overrides` config (#5603)
- b6fd2fc Document no need for postcss-html maintainer (#5602)
- bf28025 Recommend using shared configs (#5598)
- 07118d6 Update CHANGELOG.md
- 367142a Change `ignoreFiles` to be extendable (#5596)
- 1b4162f Fix conflicts in dependabot
- 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (#5601)
- 1f32094 Bump typescript from 4.4.3 to 4.4.4 (#5599)
- 88b9575 Revise contributors section of README (#5585)
- e38da70 Use problem rather than violation in docs and types (#5592)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report