[Snyk] Fix for 1 vulnerabilities #9

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: chalk The new version differs by 53 commits.
  • 3fca615 2.0.0
  • f66271e Add tagged template literal (#163)
  • 23ef1c7 fix linter errors
  • c015568 add rainbow example
  • 09fb2d8 Re-implement `chalk.enabled` (#160)
  • 608242a spoof supports-color
  • 18f2e7c add host information output
  • 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
  • 54975fb TEMPORARY: emergency travis CI fix (see comments)
  • 1d73b21 Improve readme
  • 6f4d6b3 Bump dependencies
  • 8702496 Remove `chalk.styles`
  • 0412cdf Minor code improvements
  • 249b9ac ES2015ify the codebase
  • cb3f230 Add RGB (256/Truecolor) support (#140)
  • dbae68d Update dependent package count in the readme (#154)
  • 9b60021 Drop support for Node.js 0.10 and 0.12
  • 0d21449 check parent builder object for enabled status (#142)
  • 5a69476 add XO badge
  • 492f11f add example file
  • 4ce73b6 make XO happy
  • 7c02cf4 Add log statement to chalk examples (#129)
  • 835ca3d You've just reached 10,000 dependent modules. (#122)
  • 74c087d minor doc improvements (#120)

Package name: css-loader The new version differs by 9 commits.
  • 43179a8 chore(release): 1.0.0
  • 3d53968 Merge remote-tracking branch 'origin/master'
  • 240db53 version 1.0 (#742)
  • 1b7acf7 Merge remote-tracking branch 'origin/master'
  • 1703721 docs(README): add more context to `localIdentName` (#711)
  • 1c51265 docs(README): fix malformed emoji (#701)
  • 50f8ec0 Merge remote-tracking branch 'origin/master'
  • 07444ad tests: css custom variables (#709)
  • 3de8aa7 tests: css custom variables (#709)

Package name: eslint The new version differs by 250 commits.
  • b7d79b1 7.3.0
  • bf98627 Build: changelog update for 7.3.0
  • 638a6d6 Update: add missing `additionalProperties: false` to some rules' schema (#13198)
  • 949a5cd Update: fix operator-linebreak overrides schema (#13199)
  • 9e1414e New: Add no-promise-executor-return rule (fixes #12640) (#12648)
  • 09cc0a2 Update: max-lines reporting loc improvement (refs #12334) (#13318)
  • ee2fc2e Update: object-property-newline end location (refs #12334) (#13399)
  • d98152a Update: added empty error array check for false negative (#13200)
  • 7fb45cf Fix: clone config before validating (fixes #12592) (#13034)
  • aed46f6 Sponsors: Sync README with website
  • 7686d7f Update: semi-spacing should check do-while statements (#13358)
  • cbd0d00 Update: disallow multiple options in comma-dangle schema (fixes #13165) (#13166)
  • b550330 New: Add no-unreachable-loop rule (fixes #12381) (#12660)
  • 13999d2 Update: curly should check consequent `if` statements (#12947)
  • c42e548 Chore: enable exceptRange option in the yoda rule (#12857)
  • 6cfbd03 Update: Drop @typescript-eslint/eslint-recommended from `eslint --init` (#13340)
  • 796f269 Chore: update eslint-config-eslint's required node version (#13379)
  • 9d0186e Docs: Fix changelog versions (#13410)
  • 1ee3c42 Docs: On maxEOF with eol-last (fixes #12742) (#13374)
  • 2a21049 Update: key-spacing loc changes for extra space (refs #12334) (#13362)
  • 7ce7988 Chore: Replace the inquirer dependency with enquirer (#13254)
  • 0f1f5ed Docs: Add security policy link to README (#13403)
  • 9e9ba89 Sponsors: Sync README with website
  • ca59fb9 Sponsors: Sync README with website

Package name: postcss-calc The new version differs by 80 commits.
  • cefd2c3 8.0.0
  • 44847c3 Update dependencies
  • 6826ba5 update: use PostCSS 8 API. (#125)
  • f16d55c chore(release): 7.0.5
  • 5621761 fix: reduction(#121)
  • 111a48d 7.0.4
  • 9807c5e Correctly handle summands that cancel out and pull out common factors
  • 7a3bc58 chore(release): 7.0.3
  • 0282bdc fix: substracted css-variable from zero (#111)
  • 295b1df Bump acorn from 6.1.1 to 6.4.1 (#105)
  • bcae630 7.0.2
  • 5fcc943 Update dependencies (#102)
  • 6260789 fix: incorrect reduction of subtraction from zero (#88) (#93)
  • 29ff26e refactor: reducer
  • 0f01794 refactor: reducer
  • d71d9cf fix: doesn't remove calc for single function
  • b5e20dc refactor: parser (#86)
  • b91c6e9 feat: relax parser on unknown units (#85)
  • 69a3ca0 refactor: convert unit utils (#84)
  • 1cd2c5f fix: handle numbers with exponen composed (#83)
  • c4db282 test: comments (#82)
  • 112178b ci: add node@10 (#81)
  • 5e55420 test: newline (#80)
  • 016a444 fix: handle plus sign before value (#79)

Package name: postcss-custom-media The new version differs by 25 commits.

Package name: postcss-custom-properties The new version differs by 74 commits.

Package name: postcss-custom-selectors The new version differs by 22 commits.

Package name: postcss-flexbugs-fixes The new version differs by 26 commits.

Package name: postcss-import The new version differs by 98 commits.
  • 7cdbb2b 13.0.0
  • a189892 Update dependency sugarss to v3 (#433)
  • 64d57af Update dependency postcss-scss to v3 (#431)
  • 4fb6746 Update dependency postcss-value-parser to v4 (#423)
  • 19632bc Update dependency prettier to v2 (#419)
  • c5679db Add support for postcss v8 (#432)
  • d288ea3 BREAKING: Require Node 10 or later; update CI config (#429)
  • 21ad9eb Configure Renovate (#411)
  • 614fb64 Fix linting
  • 3a7f728 Update prettier to version 1.19.1 (#408)
  • 7680182 Update prettier to version 1.18.0 (#398)
  • 25013d6 chore(package): update prettier to version 1.17.0 (#393)
  • 87f4320 Update eslint-plugin-import to version 2.17.1 (#395)
  • 56516e7 Actually fix sourcmap test
  • 93b7af8 Fix sourcemap tests
  • d68f50a Update ava to version 1.0.1 (#384)
  • 00e2d03 Update LICENSE (#383)
  • eb7ff85 Update prettier to version 1.15.0 (#382)
  • 397cc44 12.0.1
  • 67f4553 Set plugin property on dependency messages (#380)
  • f98dd1a Update eslint-plugin-prettier to version 3.0.0 (#377)
  • 85c7e6a Update sugarss to version 2.0.0 (#375)
  • a9a7ab2 Loosen prettier dependency to use ~ instead of pinning versions
  • 20dd08f Remove npmpub; doesn't work with npm 2FA --otp

Package name: postcss-loader The new version differs by 244 commits.
  • 792e217 chore(release): 4.0.0
  • 598f36d docs: improve readme
  • cad6f07 fix: avoid mutations of options and config (#470)
  • 77449e1 test: union (#469)
  • 9b75888 feat: reuse AST from other loaders (#468)
  • 5e4a77b fix: resolve `from` and `to` from config and options (#467)
  • 225b2e5 refactor: do not validate `postcss` options (#466)
  • 3d32c35 fix: `default` export for plugins (#465)
  • 38ebe08 refactor: `execute` option (#464)
  • d0ea725 refactor: config loading
  • 108d871 test: more
  • b4d3bcc chore: remove unnecessary dev deps (#460)
  • 475278c chore: move `postcss` to `peerDependencies` (#459)
  • 98441ff fix: respect the `map` option and source maps (#458)
  • ba88040 refactor: do not pass meta from other loaders (#457)
  • 25a16a0 refactor: source map code
  • 677c2fe refactor: removed `inline` value for the `sourceMap` option (#454)
  • d8d84f7 refactor: code (#453)
  • 3cd85df refactor: code
  • 6eb44ed refactor: code
  • 53da71a refactor: sourcemap paths
  • d7bc470 feat: array syntax for plugins
  • 2cd7614 refactor: code (#451)
  • 60e4f12 docs: addDependency (#448)

Package name: postcss-media-minmax The new version differs by 13 commits.

Package name: postcss-nesting The new version differs by 36 commits.

Package name: postcss-selector-not The new version differs by 24 commits.

Package name: stylelint The new version differs by 250 commits.
  • cf2f45f 13.7.0
  • 797cc84 Prepare 13.7.0
  • fb4287c Prepare changelog
  • d725b88 Update dependencies
  • 9401f56 Update CHANGELOG.md
  • 2b7e8ad Deprecate *-blacklist/*-requirelist/*-whitelist (#4892)
  • 181f3d9 Fix some path / glob problems (#4867)
  • 3cfc658 Update CHANGELOG.md
  • 0a17b64 Add a reportDescriptionlessDisables flag (#4907)
  • 5446be2 Fix CHANGELOG.md format via Prettier (#4910)
  • 260e743 Fix callbacks in tests (#4903)
  • d0a150e Update CHANGELOG.md
  • 2c4d77f Fix false positives for trailing combinator in selector-combinator-space-after (#4878)
  • e2da124 Add coc-stylelint (#4901)
  • fd1875d Update CHANGELOG.md
  • e124033 Add support for *.cjs config files (#4905)
  • 858dcd5 Add a reportDisables secondary option (#4897)
  • 40e60ce Support multi-line disable descriptions (#4895)
  • 03f494d faster levenshtein (#4874)
  • a5b8277 Update CHANGELOG.md
  • 9e1edfa Fix TypeError for custom properties fallback in length-zero-no-unit (#4860)
  • 1e52251 Update CHANGELOG.md
  • 53f5c18 Add autofix to *-no-vendor rules (#4859)
  • 23c0e81 Bump @stylelint/postcss-css-in-js from 0.37.1 to 0.37.2 (#4888)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908