cordova-hotspot-plugin
cordova-hotspot-plugin copied to clipboard
Published
20 hours ago •
hypery2k
hypery2k
[Snyk] Security upgrade gulp-sass from 2.3.2 to 5.0.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- example/hotspot-app/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
479/1000 Why? Has a fix available, CVSS 5.3 |
Improper Certificate Validation SNYK-JS-NODESASS-1059081 |
Yes | No Known Exploit |
|
550/1000 Why? Has a fix available, CVSS 6.5 |
Out-of-bounds Read SNYK-JS-NODESASS-535499 |
Yes | No Known Exploit |
 |
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 |
Out-of-bounds Read SNYK-JS-NODESASS-535501 |
Yes | Proof of Concept |
|
600/1000 Why? Has a fix available, CVSS 7.5 |
Uncontrolled Recursion SNYK-JS-NODESASS-535503 |
Yes | No Known Exploit |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Resource Exhaustion SNYK-JS-NODESASS-535504 |
Yes | Proof of Concept |
|
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8 |
NULL Pointer Dereference SNYK-JS-NODESASS-535505 |
Yes | Proof of Concept |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Uncontrolled Recursion SNYK-JS-NODESASS-540960 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Out-of-bounds Read SNYK-JS-NODESASS-540962 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Improper Input Validation SNYK-JS-NODESASS-540966 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Improper Input Validation SNYK-JS-NODESASS-540968 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Uncontrolled Recursion SNYK-JS-NODESASS-540970 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Out-of-bounds Read SNYK-JS-NODESASS-540972 |
Yes | No Known Exploit |
|
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8 |
NULL Pointer Dereference SNYK-JS-NODESASS-540974 |
Yes | Proof of Concept |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Denial of Service (DoS) SNYK-JS-NODESASS-540982 |
Yes | Proof of Concept |
|
539/1000 Why? Has a fix available, CVSS 6.5 |
Out-of-bounds Read SNYK-JS-NODESASS-540984 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Out-of-bounds Read SNYK-JS-NODESASS-540986 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JS-NODESASS-540988 |
Yes | No Known Exploit |
|
509/1000 Why? Has a fix available, CVSS 5.9 |
Denial of Service (DoS) SNYK-JS-NODESASS-542662 |
Yes | No Known Exploit |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536528 |
Yes | No Known Exploit |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536531 |
Yes | No Known Exploit |
 |
410/1000 Why? Has a fix available, CVSS 3.7 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579147 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579152 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579155 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gulp-sass
The new version differs by 42 commits.- 5775044 Update CHANGELOG.md
- 978b8f6 Update to major version 5 (#802)
- 10eae93 Update changelog for 4.1.1
- 947b26c Upgrade lodash to fix a security issue (#776)
- 8d6ac29 Update changelog
- 43c0547 4.1.0
- ebe3ec6 Set appropriate file stat times (#763)
- 7ab018e Migrate to the lodash package
- fa670c6 4.0.2
- fefa00e Revert package.json version bump
- 98254d2 Fix README typos
- 8a14419 Continue loading Node Sass by default
- 938afbe Add a note about synchronous versus asynchronous speed
- 7cc2db1 Make this package implementation-agnostic
- 643f73b Add documentation for synchronous code options
- 0b3c7e7 4.0.1
- daca90d Merge pull request #681 from DKvistgaard/master
- 71471c2 Declaring logError as function instead of arrow function.
- 450a7b8 4.0.0
- e9b1fe8 Fix node versions in appveyor.yml
- 44be409 Merge pull request #667 from dlmanning/next
- 7656eff Adopt airbnb eslint preset
- 1293169 Bump autoprefixer@^8.1.0, gulp-postcss@^7.0.1
- 9fa817b Bump gulp-sourcemaps@^2.6.4
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
