wavelert
wavelert copied to clipboard
walaura
[Snyk] Fix for 6 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939 |
No | Proof of Concept |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Improper Input Validation SNYK-JS-POSTCSS-5926692 |
Yes | No Known Exploit |
 |
816/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.9 |
Arbitrary Code Execution SNYK-JS-SAFEREVAL-534901 |
No | Proof of Concept |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-UNSETVALUE-2400660 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: postcss-modules
The new version differs by 24 commits.- 96c24ac 3.0.0
- d7b7146 Merge pull request #108 from css-modules/move-deps-into-the-lib
- f89bca1 Update changelog
- 98cee46 Drop unsupported Node versions
- 94749f2 Update prettier, husky and lint-staged
- 7847a92 Get getJSON comment back
- e624927 Update eslint and jest tools
- 7b270aa Update PostCSS
- 6f2b5c6 Copy css-modules-loader-core sources into the repo
- a15e236 Update .npmignore
- d55f5d1 2.0.0
- df93ef2 Update changelog
- 5b68f28 Revert "updated version as well"
- acf1659 Merge pull request #103 from allocenx/diffExportedTypes
- bf33986 updated version as well
- 9a691e9 "support different exported types: camelCase, camelCaseOnly, dashes, dashesOnly (#93)"
- dcb25fc 1.5.0
- 9dfb375 Update changelog
- 6baf65b Update readme
- b40de24 Update snapshots
- 6f4d8ee Add hashPrefix support option (#98)
- f7dd758 Remove node 9 from travis
- d4a1bb9 Drop node < 8
- 0f89aa6 Update packages and replace ava with jest
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Improper Input Validation 🦉 Arbitrary Code Execution 🦉 More lessons are available in Snyk Learn
