This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- marlo-web/src/main/webapp/global/bower_components/vanilla-color-picker/package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-MINIMATCH-1019388](https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388) | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | No | No Known Exploit
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [npm:minimatch:20160620](https://snyk.io/vuln/npm:minimatch:20160620) | No | No Known Exploit
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [npm:uglify-js:20151024](https://snyk.io/vuln/npm:uglify-js:20151024) | No | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: minifier
The new version differs by 19 commits.
cff9d68 Upped the supported node versions listing to include 0.12.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/kenjitm/project/07b37206-0959-44d0-8a17-c65b8784ccec?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/kenjitm/project/07b37206-0959-44d0-8a17-c65b8784ccec?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"b0e18c6c-39ad-463f-93be-041e984e426d","prPublicId":"b0e18c6c-39ad-463f-93be-041e984e426d","dependencies":[{"name":"minifier","from":"0.6.2","to":"0.8.1"}],"packageManager":"npm","projectPublicId":"07b37206-0959-44d0-8a17-c65b8784ccec","projectUrl":"https://app.snyk.io/org/kenjitm/project/07b37206-0959-44d0-8a17-c65b8784ccec?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-MINIMATCH-1019388","SNYK-JS-MINIMATCH-3050818","npm:minimatch:20160620","npm:uglify-js:20151024"],"upgrade":["SNYK-JS-MINIMATCH-1019388","SNYK-JS-MINIMATCH-3050818","npm:minimatch:20160620","npm:uglify-js:20151024"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[589,479,589,479],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - marlo-web/src/main/webapp/global/bower_components/vanilla-color-picker/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **589/1000****Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-1019388](https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388) | No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[npm:minimatch:20160620](https://snyk.io/vuln/npm:minimatch:20160620) | No | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[npm:uglify-js:20151024](https://snyk.io/vuln/npm:uglify-js:20151024) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: minifier
The new version differs by 19 commits.- af4c8a8 0.8.1
- bcb8706 Updated the required node version to be >=6.3 instead of ^6.3
- 2f70c0a Bumped dependencies
- 6489b6e Merge pull request #23 from lokenx/master
- b276c2a Add more information for CSS rewrites
- 891bda9 0.8.0
- a398ae2 CSS files can now be concatenated along the same logic as JS files.
- aa43bf0 Updated test-cases to be more specific with regards to paths
- 22959f4 Multiple input css is now minified and concatenated, similar to how the JS works
- c168f8b Added test-case for multiple inputs
- e5477c1 Updated the existing test to actually test for the right thing
- 43eed3e Bumped the supported node versions
- 1a2e36e 0.7.1
- 559dfcd Mentioned the new feature in the readme.
- 4d1b347 Added option for passing a list of JS files in instead of a single.
- fcf1176 Bumped dependencies
- 2126771 0.7.0
- 1361d0a Bumped dependencies
- cff9d68 Upped the supported node versions listing to include 0.12.
See the full diff