Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #17

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

lectriceye
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: chalk The new version differs by 53 commits.
  • 3fca615 2.0.0
  • f66271e Add tagged template literal (#163)
  • 23ef1c7 fix linter errors
  • c015568 add rainbow example
  • 09fb2d8 Re-implement `chalk.enabled` (#160)
  • 608242a spoof supports-color
  • 18f2e7c add host information output
  • 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
  • 54975fb TEMPORARY: emergency travis CI fix (see comments)
  • 1d73b21 Improve readme
  • 6f4d6b3 Bump dependencies
  • 8702496 Remove `chalk.styles`
  • 0412cdf Minor code improvements
  • 249b9ac ES2015ify the codebase
  • cb3f230 Add RGB (256/Truecolor) support (#140)
  • dbae68d Update dependent package count in the readme (#154)
  • 9b60021 Drop support for Node.js 0.10 and 0.12
  • 0d21449 check parent builder object for enabled status (#142)
  • 5a69476 add XO badge
  • 492f11f add example file
  • 4ce73b6 make XO happy
  • 7c02cf4 Add log statement to chalk examples (#129)
  • 835ca3d You've just reached 10,000 dependent modules. (#122)
  • 74c087d minor doc improvements (#120)

See the full diff

Package name: css-loader The new version differs by 80 commits.
  • 634ab49 chore(release): 2.0.0
  • 6ade2d0 refactor: remove unused file (#860)
  • e7525c9 test: nested url (#859)
  • 7259faa test: css hacks (#858)
  • 5e6034c feat: allow to filter import at-rules (#857)
  • 5e702e7 feat: allow filtering urls (#856)
  • 9642aa5 test: css stuff (#855)
  • 3338656 fix: reduce number of require for url (#854)
  • 533abbe test: issue 636 (#853)
  • 08c551c refactor: better warning on invalid url resolution (#852)
  • b0aa159 test: issue #589 (#851)
  • f599c70 fix: broken unucode characters (#850)
  • 1e551f3 test: issue 286 (#849)
  • 419d27b docs: improve readme (#848)
  • d94a698 refactor: webpack-default (#847)
  • b97d997 feat: schema options
  • 453248f fix: support module resolution in composes (#845)
  • 8a6ea10 refactor: postcss plugins (#844)
  • fdcf687 fix: url resolving logic (#843)
  • 889dc7f feat: allow to disable css modules and disable their by default (#842)
  • ee2d253 test: importLoaders option (#841)
  • 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
  • fe94ebc test: icss reserved keywords (#839)
  • 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: eslint The new version differs by 250 commits.
  • c4fffbc 8.0.0
  • d51f4cf Build: changelog update for 8.0.0
  • 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixes #15036) (#15146)
  • 2174a6f Fix: require-atomic-updates property assignment message (fixes #15076) (#15109)
  • f885fe0 Docs: add note and example for extending the range of fix (refs #13706) (#13748)
  • 3da1509 Docs: Add jsdoc `type` annotation to sample rule (#15085)
  • 68a49a9 Docs: Update Rollup Integrations (#15142)
  • d867f81 Docs: Remove a dot from curly link (#15128)
  • 9f8b919 Sponsors: Sync README with website
  • 4b08f29 Sponsors: Sync README with website
  • ebc1ba1 Sponsors: Sync README with website
  • 2d654f1 Docs: add example .eslintrc.json (#15087)
  • 16034f0 Docs: fix fixable example (#15107)
  • 07175b8 8.0.0-rc.0
  • 71faa38 Build: changelog update for 8.0.0-rc.0
  • 67c0074 Update: Suggest missing rule in flat config (fixes #14027) (#15074)
  • cf34e5c Update: space-before-blocks ignore after switch colons (fixes #15082) (#15093)
  • c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081)
  • 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` (#14860)
  • 7f2346b Docs: Update release blog post template (#15094)
  • fabdf8a Chore: Remove `target.all` from `Makefile.js` (#15088)
  • e3cd141 Sponsors: Sync README with website
  • 05d7140 Chore: document target global in Makefile.js (#15084)
  • 0a1a850 Update: include `ruleId` in error logs (fixes #15037) (#15053)

See the full diff

Package name: pixrem The new version differs by 9 commits.

See the full diff

Package name: postcss-custom-media The new version differs by 12 commits.

See the full diff

Package name: postcss-custom-properties The new version differs by 39 commits.

See the full diff

Package name: postcss-custom-selectors The new version differs by 13 commits.

See the full diff

Package name: postcss-flexbugs-fixes The new version differs by 14 commits.

See the full diff

Package name: postcss-import The new version differs by 74 commits.
  • aae7db3 12.0.0
  • d9bc09f Update eslint-config-i-am-meticulous to version 11.0.0 (#371)
  • 3868ce2 Update postcss-scss to version 2.0.0 (#370)
  • 1c40a5f Update prettier to version 1.14.0 (#373)
  • 8c8c7ec Update eslint to version 5.0.0 (#364)
  • 92e38d7 Drop Node 4 from AppVeyor
  • 9cd2953 Use PostCSS 7 & drop support for Node.js 4 (#372)
  • 84d35e2 Update prettier to version 1.13.5 (#363)
  • 7127b77 Update eslint-config-i-am-meticulous to version 10.0.0 (#362)
  • fcc31b1 Update npmpub to version 4.0.0 (#360)
  • c62200b Update eslint-config-i-am-meticulous to version 9.0.0 (#361)
  • 3d9dc49 Update prettier to version 1.13.0 (#357)
  • f72bdc2 Update prettier to version 1.12.1 (#353)
  • 64ffaa2 Update prettier to version 1.12.0 (#352)
  • af2747d Update prettier to version 1.11.0 (#346)
  • a941757 11.1.0
  • 5a99783 Add Filter Parameter (#327)
  • 7c863ea Update eslint-config-i-am-meticulous to version 8.0.0 (#344)
  • 78c0832 Update ava to version 0.25.0 (#343)
  • 2949578 Silence postcss warnings in tests
  • d5e0f10 Update .gitignore
  • 7ab52b7 Add tests for importing sub-files/directories from npm packages (#337)
  • df611c2 Update eslint to version 4.16.0 (#336)
  • b53e7f5 Update prettier to version 1.10.2 (#333)

See the full diff

Package name: postcss-loader The new version differs by 205 commits.
  • 7647ac9 chore(release): 3.0.0
  • 313c3c4 docs(README): update filename formatting
  • d6931da refactor(Error): add `error` property checks
  • 962b1d6 refactor(options): remove `ident` from validation schema
  • 1f98aee refactor(Warning): add `warning` property checks
  • 95de4c1 docs(LOADER): update JSDoc
  • ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
  • 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
  • 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
  • 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
  • 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
  • bdcbef0 refactor(src): update code base with latest ES2015+ features
  • f34954f fix(index): add ast version (`meta.ast`)
  • 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
  • 2c6033b test(Errors): remove stacktrace from snapshot
  • 549ea08 fix(options): improved `ValidationError` messages
  • fbf05de test: replace helpers with `@ webpack-utilities/test` (#386)
  • daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (#375)
  • 114db12 docs(README): add autoprefixing example (#380)
  • 8772814 style(standard): fix linting issues
  • 8ef443f ci(travis): build stages
  • 6f10898 ci(appveyor): readd Appveyor CI (#381)
  • 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (#382)
  • 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (#379)

See the full diff

Package name: postcss-media-minmax The new version differs by 10 commits.

See the full diff

Package name: postcss-nesting The new version differs by 31 commits.

See the full diff

Package name: postcss-selector-matches The new version differs by 8 commits.

See the full diff

Package name: postcss-selector-not The new version differs by 15 commits.

See the full diff

Package name: stylelint The new version differs by 250 commits.
  • cf2f45f 13.7.0
  • 797cc84 Prepare 13.7.0
  • fb4287c Prepare changelog
  • d725b88 Update dependencies
  • 9401f56 Update CHANGELOG.md
  • 2b7e8ad Deprecate *-blacklist/*-requirelist/*-whitelist (#4892)
  • 181f3d9 Fix some path / glob problems (#4867)
  • 3cfc658 Update CHANGELOG.md
  • 0a17b64 Add a reportDescriptionlessDisables flag (#4907)
  • 5446be2 Fix CHANGELOG.md format via Prettier (#4910)
  • 260e743 Fix callbacks in tests (#4903)
  • d0a150e Update CHANGELOG.md
  • 2c4d77f Fix false positives for trailing combinator in selector-combinator-space-after (#4878)
  • e2da124 Add coc-stylelint (#4901)
  • fd1875d Update CHANGELOG.md
  • e124033 Add support for *.cjs config files (#4905)
  • 858dcd5 Add a reportDisables secondary option (#4897)
  • 40e60ce Support multi-line disable descriptions (#4895)
  • 03f494d faster levenshtein (#4874)
  • a5b8277 Update CHANGELOG.md
  • 9e1edfa Fix TypeError for custom properties fallback in length-zero-no-unit (#4860)
  • 1e52251 Update CHANGELOG.md
  • 53f5c18 Add autofix to *-no-vendor rules (#4859)
  • 23c0e81 Bump @ stylelint/postcss-css-in-js from 0.37.1 to 0.37.2 (#4888)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants