event-backend
event-backend copied to clipboard
[Snyk] Security upgrade grunt-contrib-clean from 1.1.0 to 2.0.1
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
![]() |
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-ASYNC-2441827 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: grunt-contrib-clean
The new version differs by 12 commits.- 9bd20a6 2.0.1
- 518aa72 Update deps (#117)
- d226900 Update deps, clean up (#116)
- 395bb66 Bump async from 2.6.1 to 3.2.2 (#113)
- b94a81e Bump path-parse from 1.0.5 to 1.0.7 (#112)
- 897e872 Bump js-yaml from 3.5.5 to 3.14.1 (#111)
- 947a601 Bump hosted-git-info from 2.6.0 to 2.8.9 (#110)
- 569bf5f Bump lodash from 4.17.15 to 4.17.21 (#109)
- 2d125d1 Bump grunt from 1.0.3 to 1.3.0 (#108)
- c1882fa Bump lodash from 4.17.10 to 4.17.15 (#104)
- 40a65e6 Drop Node.js < 6 support and update all deps. (#101)
- 271defc updated dependencies (#96)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons: