Daylon / callisto

Lo-fat Design system
0 stars 0 forks source link

[Snyk] Fix for 3 vulnerabilities #43

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
low severity Regular Expression Denial of Service (ReDoS)
npm:eslint:20180222
No Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620
Yes No Known Exploit
Commit messages
Package name: gulp The new version differs by 134 commits.
  • 55eb23a Release: 4.0.0
  • 173a532 Docs: Fix the installation instructions
  • ec54d09 Docs: Improve note about out-of-date docs
  • 03b7c98 Docs: Update recipes to install gulp@next
  • 2eba29e Docs: Remove run-sequence from recipes
  • 76eb4d6 Docs: Add installation instructions & update badges
  • fbc162f Docs: Remove references to gulp-util
  • 3011cf9 Scaffold: Normalize repository
  • f27be05 Update: Remove graceful-fs from test suite
  • 361ab63 Upgrade: Update glob-watcher
  • 064d100 Build: Avoid broken node 9
  • 057df59 Release: 4.0.0-alpha.3
  • c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
  • 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
  • 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
  • 723cbc4 Docs: Fix syntax in recipe example (#1715)
  • d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
  • 29ece6f Upgrade: Update undertaker
  • e931cb0 Docs: Fix changelog typos (#1696)
  • 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
  • d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
  • 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
  • 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
  • c3dbc10 Docs: Clarify incremental builds example (#1609)
See the full diff
Package name: sass-lint The new version differs by 94 commits.
  • dac0f12 chore(release): 1.13.0 [skip ci]
  • 6b5a615 Merge pull request #1278 from srowhani/fix/release-version
  • bf4f2ae fix(ci): rollback release version to match npm
  • 037b459 Merge pull request #1276 from srowhani/fix/dependencies
  • 37863b7 feat(ast): migrate from ast fork to latest version of gonzales
  • b508036 feat(lint): adds disable-next-line
  • 19df7ba Merge branch 'develop' into develop
  • e391436 Merge pull request #1275 from srowhani/chore/ci-deploy-phase
  • 2ab49c5 Merge branch 'develop' into chore/ci-deploy-phase
  • 49b7253 chore(ci): fix build stages
  • 50831b1 Merge pull request #1274 from srowhani/chore/ci-release-automation
  • c0bd68f chore(ci): update husky commit-msg hook
  • 814259b chore(ci): increase mocha test timeout to reduce flakiness of cli suite
  • 745c0ba chore(ci): update travis build rules, and update matrix
  • 9a6c32e chore(ci): automated release and deployment using semantic-release
  • 21a56de Merge pull request #1273 from srowhani/chore/ci
  • 3a6b08c chore(ci): update appveyor build matrix
  • 3b9f2d5 Add disable-next-line
  • 594cc6c Merge pull request #1232 from sasstools/1.13.0
  • de2bbce merge with master
  • bd0ed2b :shipit: v1.13.0
  • 501ea72 Merge pull request #1230 from ccjmne/update-smacss-ordering
  • 56fb8a9 Merge branch 'develop' into update-smacss-ordering
  • 268c939 Merge pull request #1231 from sasstools/feature_update-packages
See the full diff
With a Snyk patch:
Severity Issue Exploit Maturity
high severity Prototype Pollution
SNYK-JS-LODASH-450202
Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620
No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic