Closed Jkrzy closed 3 months ago
This pull request has been inactive for 30 days. Is it still in progress? If so, please comment, remove the "stale" label, or add new changes. Otherwise, this pull request will be automatically closed in 14 days.
Closing. The major version upgrade is build-breaking, and as this is a build-time vulnerability triggered by unfiltered user input, we will be able to see when it happens in pull requests where the build check never finishes.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json⚠️ Warning
``` Failed to update the package-lock.json, please update manually before merging. ```**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption
[SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: esbuild-sass-plugin
The new version differs by 7 commits.