gulp-coverage icon indicating copy to clipboard operation
gulp-coverage copied to clipboard

Published 20 hours ago verified publisher icon dylanb

[Snyk] Security upgrade gulp-util from 2.2.20 to 3.0.8

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-util The new version differs by 84 commits.
  • 28c2aa2 3.0.8
  • 1034a68 Upgrade: bump dateformat, per https://github.com/felixge/node-dateformat/pull/53#issuecomment-245782776 (#130)
  • 5a417cf Merge pull request #125 from jmeas/patch-1
  • 8cdbc07 Remove gutil.beep() from README example
  • b74a5ff 3.0.7
  • 5c0c5cf bump logger versions
  • 3879b24 Merge pull request #106 from stevelacy/patch-1
  • 7bba70f Update package repo link
  • 194248a Merge pull request #105 from gulpjs/gulplog
  • 65c210a add branching logic to support new gulplog stuff
  • 4656163 Merge pull request #100 from makky3939/clean_up_template_js
  • 878c95b fix
  • 385b059 more readable
  • 7e1336e 3.0.6
  • 64325ae Merge pull request #99 from TrySound/master
  • 5755bb3 Updated dependencies
  • 1c96495 Merge pull request #97 from arthurvr/patch-1
  • de9c310 Update node version in readme
  • d9ac713 3.0.5
  • 5155266 Merge pull request #94 from pgilad/patch-1
  • d666893 update license attribute
  • 81a61ce Merge pull request #92 from stringparser/fix-log-formatting
  • c107206 missing quotes on previous test and space for object in current
  • 0c4f90f fix tests logging

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Mar 25 '21 01:03 snyk-bot