hackstack
hackstack copied to clipboard
Published
20 hours ago •
rangle
rangle
[Snyk] Fix for 13 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
550/1000 Why? Has a fix available, CVSS 6.5 |
Out-of-Bounds SNYK-JS-NODESASS-535498 |
Yes | No Known Exploit |
|
550/1000 Why? Has a fix available, CVSS 6.5 |
NULL Pointer Dereference SNYK-JS-NODESASS-535502 |
Yes | No Known Exploit |
 |
619/1000 Why? Has a fix available, CVSS 8.1 |
Out-of-bounds Read SNYK-JS-NODESASS-540956 |
Yes | No Known Exploit |
|
429/1000 Why? Has a fix available, CVSS 4.3 |
Out-of-bounds Read SNYK-JS-NODESASS-540958 |
Yes | No Known Exploit |
|
429/1000 Why? Has a fix available, CVSS 4.3 |
Uncontrolled Recursion SNYK-JS-NODESASS-540964 |
Yes | No Known Exploit |
|
654/1000 Why? Has a fix available, CVSS 8.8 |
NULL Pointer Dereference SNYK-JS-NODESASS-540974 |
Yes | No Known Exploit |
|
539/1000 Why? Has a fix available, CVSS 6.5 |
Denial of Service (DoS) SNYK-JS-NODESASS-540978 |
Yes | No Known Exploit |
|
539/1000 Why? Has a fix available, CVSS 6.5 |
Denial of Service (DoS) SNYK-JS-NODESASS-540980 |
Yes | No Known Exploit |
|
539/1000 Why? Has a fix available, CVSS 6.5 |
Out-of-bounds Read SNYK-JS-NODESASS-540990 |
Yes | No Known Exploit |
|
429/1000 Why? Has a fix available, CVSS 4.3 |
NULL Pointer Dereference SNYK-JS-NODESASS-540992 |
Yes | No Known Exploit |
|
539/1000 Why? Has a fix available, CVSS 6.5 |
NULL Pointer Dereference SNYK-JS-NODESASS-540994 |
Yes | No Known Exploit |
|
619/1000 Why? Has a fix available, CVSS 8.1 |
Out-of-bounds Read SNYK-JS-NODESASS-540996 |
Yes | No Known Exploit |
|
539/1000 Why? Has a fix available, CVSS 6.5 |
Out-of-Bounds SNYK-JS-NODESASS-540998 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gulp-sass
The new version differs by 65 commits.- ee03918 Merge pull request #254 from dlmanning/2.x
- 598d16f Merge pull request #248 from Snugug/feature/contributing
- dec985f Merge pull request #253 from Snugug/feature/3.0-bump
- c033adf :arrow_up: Update Node Sass to 3.0
- 083e6bc :fire: Remove reference to branch
- e072993 :fire: Remove Branching Model section
- ee07858 :art: Update formatting of CHANGELOG entry
- 299c18f :memo: Add Contributing guidelines
- 33aa1f7 Merge pull request #238 from sarenji/2.x
- 2b21a49 Update to node-sass beta 7
- c1d629c Allow you to change the compiler and expose it
- cc2f815 bump node-sass to 3.0.0-beta.4
- 9b69aaa Merge pull request #228 from Snugug/2.x-datastream
- b7ade97 Indented Syntax support
- ad6e6e4 Tests for file rename and file contents change
- 0fefd16 Updated vars and includePaths based on comments
- 700ca8d Merge pull request #222 from Keats/filename
- 5b8d4eb Nope, shouldn't be , should be file name
- 4c4c3c1 A little bit of source map massaging
- bea198e Updated Tests
- 3cdf1a3 Passing file as data
- 5c7777f Rebase on top of 2.x
- de6af93 Add a sass file to the inheritance test
- 25ee16f Replace indent.sass to match an existing issue
Package name: node-sass
The new version differs by 250 commits.- 9938557 v3.7.0
- ca05f39 Attempt to fix AppVeyor tag race condition (#1519)
- 6027012 v3.7.0
- e1250eb Add Node 6 config to Travis (#1517)
- 15fe42e Node 6 with AppVeyor: don't use subst for testing (#1514)
- 0bc5da4 Simplify Node versions in Travis Ci (#1500)
- b850684 Replace deprecated npmconf package. (#1492)
- ff17933 Fix final Node 6 deprecation warnings (#1498)
- b0e1e1b Add Node 6 as a supported runtime (#1499)
- 9c71aef Update NAN to at least 2.3.2 (#1496)
- 9de9a47 Remove .only in tests
- c56f4a1 Add supported node versions to readme
- b527e60 Improve error message for unsupported environments (#1491)
- e232674 Replace TODO URL with release tab for supported versions (#1488)
- a405400 v3.6.0
- 3dcb6e2 Bump LibSass to 3.3.6 (#1476)
- ca96aa7 Fix typo
- a4a7aad v3.5.3
- 03bd69e Revert "Replace "request" by "got""
- 7e0c359 v3.5.2
- 40aeee4 Revert removal on npmconf
- d707218 Bump v3.5.1 because npm
- a15f54c Merge pull request #1452 from saper/fix-build
- 4f420a5 Use "double quotes" around the binding file name
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
