[Snyk] Fix for 1 vulnerabilities

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 758/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3 | Prototype Pollution (SNYK-JS-LODASH-608086) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-jsbeautifier The new version differs by 22 commits.
  • 2ec592b fixing copyright year
  • 1bdb7fc upgrading package
  • c76506f Merge pull request #20 from biasso/hotfix-test
  • fe61a53 Colorized logs
  • 5ca9d99 Merge pull request #18 from biasso/hotfix-test
  • 775023d Merge pull request #19 from joemaller/logs
  • dc06e64 Merge pull request #17 from biasso/master
  • dc0ab73 Merge pull request #16 from brunofin/master
  • 58a9fb2 colorized logs to match gulp convention
  • 225248f Simplified test files
  • 582a86d Replace double quote with single
  • 7351a8f Use 'rc' to load '.jsbeautifyrc'
  • f46bdc7 Added 'rc' to the dependencies
  • 5e8b314 Add '.scss', '.sass', and '.less' files extension to 'scss' configuration in index.js.
  • dd6cb89 travis
  • 234d60c package.json
  • b20b6d7 gulp-js-beautifier
  • 418c4f8 Update version
  • 343ed2d updated tests
  • c42df9f increase coverage
  • 158ed35 getting coverage to work on travis
  • 96d712a fixing tests

Package name: gulp-jshint The new version differs by 20 commits.
  • c277434 2.0.3
  • 711f3f0 test fix
  • 0045278 dep updates
  • bee3a83 [readme] spruce things up a bit
  • 2cb429b 2.0.2
  • f1f3fc2 Merge pull request #150 from VictorVation/master
  • 4f1f1cb update minimatch
  • 6c9cadd Merge pull request #140 from rtack/patch-1
  • 6532823 fix typo
  • 4a7f304 2.0.1
  • 5c1d63f move to explicitly imported lodash functions
  • 81c7498 Merge pull request #139 from rkurbatov/upgrade-lodash
  • 631e7ed Update .gitignore
  • 368f267 Upgrade lodash version, fix 'repository' field to correct form
  • 0d91672 Create CHANGELOG.md
  • d7cc9ea version 2.0.0
  • 02c4053 added note about jshint peerDependency
  • 226ea3b Merge pull request #120 from spalger/jshintAsPeer
  • a1c0be4 [npm] install jshint on travis, for old npm and future npm
  • 3e7ad84 [npm] move jshint to peerDependencies

Package name: gulp-sass The new version differs by 65 commits.
  • ee03918 Merge pull request #254 from dlmanning/2.x
  • 598d16f Merge pull request #248 from Snugug/feature/contributing
  • dec985f Merge pull request #253 from Snugug/feature/3.0-bump
  • c033adf :arrow_up: Update Node Sass to 3.0
  • 083e6bc :fire: Remove reference to branch
  • e072993 :fire: Remove Branching Model section
  • ee07858 :art: Update formatting of CHANGELOG entry
  • 299c18f :memo: Add Contributing guidelines
  • 33aa1f7 Merge pull request #238 from sarenji/2.x
  • 2b21a49 Update to node-sass beta 7
  • c1d629c Allow you to change the compiler and expose it
  • cc2f815 bump node-sass to 3.0.0-beta.4
  • 9b69aaa Merge pull request #228 from Snugug/2.x-datastream
  • b7ade97 Indented Syntax support
  • ad6e6e4 Tests for file rename and file contents change
  • 0fefd16 Updated vars and includePaths based on comments
  • 700ca8d Merge pull request #222 from Keats/filename
  • 5b8d4eb Nope, shouldn't be , should be file name
  • 4c4c3c1 A little bit of source map massaging
  • bea198e Updated Tests
  • 3cdf1a3 Passing file as data
  • 5c7777f Rebase on top of 2.x
  • de6af93 Add a sass file to the inheritance test
  • 25ee16f Replace indent.sass to match an existing issue

Package name: node-sass The new version differs by 171 commits.
  • 16be724 Merge pull request #927 from xzyfer/feat/3.0.0
  • c88a7c7 Bump 3.0.0
  • b3ce14d Merge pull request #926 from am11/master
  • 579baf3 build: Adds win_delay_hook so iojs runs with alias.
  • d266478 Merge pull request #909 from saper/fix/httperr
  • 988d4e2 Improve HTTP error handling
  • 1bf73b5 Merge pull request #922 from xzyfer/fix/watcher/cwd-prioritization
  • 41a0749 Watcher should prioritize cwd when resolving imports
  • f2df3d9 Merge pull request #921 from xzyfer/feat/docs/troubleshooting
  • 813b99f Add troubleshooting link to contribution doc
  • 5633975 Add troubleshooting link to readme
  • ab1beec Inital TROUBLESHOOTING.md
  • 02b8de0 Merge pull request #920 from xzyfer/feat/libsass/3.2.2
  • f134343 Bump Libsass to 3.2.2
  • f449895 Merge pull request #880 from xzyfer/feat/build/respect-libsass-ext-flag
  • 8c4e0ed Merge pull request #915 from saper/libsassver
  • 043c567 Use runtime libsass version
  • 2fce303 Merge pull request #908 from xzyfer/feat/libsass/3.2.0
  • cb8f1e4 Merge pull request #907 from xzyfer/feat/install/user-agent
  • e50899e Update sourcemap test to match updates in Libsass
  • ff3fe62 Respect the LIBSASS_EXT build flag when falling back to git
  • 60706aa Bump Libsass and sass-spec to 3.2.0
  • 1fd8d14 Set User-Agent: HTTP header
  • b50533a Merge pull request #901 from xzyfer/feat/install/sass-binary-site

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

snyk-bot, Aug 28 '20 02:08