Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
Release Notes
gruntjs/grunt
### [`v1.5.3`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.3)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.5.2...v1.5.3)
- Merge pull request [#1745](https://togithub.com/gruntjs/grunt/issues/1745) from gruntjs/fix-copy-op [`572d79b`](https://togithub.com/gruntjs/grunt/commit/572d79b)
- Patch up race condition in symlink copying. [`58016ff`](https://togithub.com/gruntjs/grunt/commit/58016ff)
- Merge pull request [#1746](https://togithub.com/gruntjs/grunt/issues/1746) from JamieSlome/patch-1 [`0749e1d`](https://togithub.com/gruntjs/grunt/commit/0749e1d)
- Create SECURITY.md [`69b7c50`](https://togithub.com/gruntjs/grunt/commit/69b7c50)
### [`v1.5.2`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.2)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.5.1...v1.5.2)
- Update Changelog [`7f15fd5`](https://togithub.com/gruntjs/grunt/commit/7f15fd5)
- Merge pull request [#1743](https://togithub.com/gruntjs/grunt/issues/1743) from gruntjs/cleanup-link [`b0ec6e1`](https://togithub.com/gruntjs/grunt/commit/b0ec6e1)
- Clean up link handling [`433f91b`](https://togithub.com/gruntjs/grunt/commit/433f91b)
### [`v1.5.1`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.1)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.5.0...v1.5.1)
- Merge pull request [#1742](https://togithub.com/gruntjs/grunt/issues/1742) from gruntjs/update-symlink-test [`ad22608`](https://togithub.com/gruntjs/grunt/commit/ad22608)
- Fix symlink test [`0652305`](https://togithub.com/gruntjs/grunt/commit/0652305)
### [`v1.5.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.0)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.4.1...v1.5.0)
- Updated changelog [`b2b2c2b`](https://togithub.com/gruntjs/grunt/commit/b2b2c2b)
- Merge pull request [#1740](https://togithub.com/gruntjs/grunt/issues/1740) from gruntjs/update-deps-22-10 [`3eda6ae`](https://togithub.com/gruntjs/grunt/commit/3eda6ae)
- Update testing matrix [`47d32de`](https://togithub.com/gruntjs/grunt/commit/47d32de)
- More updates [`2e9161c`](https://togithub.com/gruntjs/grunt/commit/2e9161c)
- Remove console log [`04b960e`](https://togithub.com/gruntjs/grunt/commit/04b960e)
- Update dependencies, tests... [`aad3d45`](https://togithub.com/gruntjs/grunt/commit/aad3d45)
- Merge pull request [#1736](https://togithub.com/gruntjs/grunt/issues/1736) from justlep/main [`fdc7056`](https://togithub.com/gruntjs/grunt/commit/fdc7056)
- support .cjs extension [`e35fe54`](https://togithub.com/gruntjs/grunt/commit/e35fe54)
### [`v1.4.1`](https://togithub.com/gruntjs/grunt/releases/tag/v1.4.1)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.4.0...v1.4.1)
- Update Changelog [`e7625e5`](https://togithub.com/gruntjs/grunt/commit/e7625e5)
- Merge pull request [#1731](https://togithub.com/gruntjs/grunt/issues/1731) from gruntjs/update-options [`5d67e34`](https://togithub.com/gruntjs/grunt/commit/5d67e34)
- Fix ci install [`d13bf88`](https://togithub.com/gruntjs/grunt/commit/d13bf88)
- Switch to Actions [`08896ae`](https://togithub.com/gruntjs/grunt/commit/08896ae)
- Update grunt-known-options [`eee0673`](https://togithub.com/gruntjs/grunt/commit/eee0673)
- Add note about a breaking change [`1b6e288`](https://togithub.com/gruntjs/grunt/commit/1b6e288)
### [`v1.4.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.4.0)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.3.0...v1.4.0)
- Merge pull request [#1728](https://togithub.com/gruntjs/grunt/issues/1728) from gruntjs/update-deps-changelog [`63b2e89`](https://togithub.com/gruntjs/grunt/commit/63b2e89)
- Update changelog and util dep [`106ed17`](https://togithub.com/gruntjs/grunt/commit/106ed17)
- Merge pull request [#1727](https://togithub.com/gruntjs/grunt/issues/1727) from gruntjs/update-deps-apr [`49de70b`](https://togithub.com/gruntjs/grunt/commit/49de70b)
- Update CLI and nodeunit [`47cf8b6`](https://togithub.com/gruntjs/grunt/commit/47cf8b6)
- Merge pull request [#1722](https://togithub.com/gruntjs/grunt/issues/1722) from gruntjs/update-through [`e86db1c`](https://togithub.com/gruntjs/grunt/commit/e86db1c)
- Update deps [`4952368`](https://togithub.com/gruntjs/grunt/commit/4952368)
### [`v1.3.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.3.0)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.2.1...v1.3.0)
- Merge pull request [#1720](https://togithub.com/gruntjs/grunt/issues/1720) from gruntjs/update-changelog-deps [`faab6be`](https://togithub.com/gruntjs/grunt/commit/faab6be)
- Update Changelog and legacy-util dependency [`520fedb`](https://togithub.com/gruntjs/grunt/commit/520fedb)
- Merge pull request [#1719](https://togithub.com/gruntjs/grunt/issues/1719) from gruntjs/yaml-refactor [`7e669ac`](https://togithub.com/gruntjs/grunt/commit/7e669ac)
- Switch to use `safeLoad` for loading YML files via `file.readYAML`. [`e350cea`](https://togithub.com/gruntjs/grunt/commit/e350cea)
- Merge pull request [#1718](https://togithub.com/gruntjs/grunt/issues/1718) from gruntjs/legacy-log-bumo [`7125f49`](https://togithub.com/gruntjs/grunt/commit/7125f49)
- Bump legacy-log [`00d5907`](https://togithub.com/gruntjs/grunt/commit/00d5907)
### [`v1.2.1`](https://togithub.com/gruntjs/grunt/releases/tag/v1.2.1)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.2.0...v1.2.1)
- Changelog update [`ae11839`](https://togithub.com/gruntjs/grunt/commit/ae11839)
- Merge pull request [#1715](https://togithub.com/gruntjs/grunt/issues/1715) from sibiraj-s/remove-path-is-absolute [`9d23cb6`](https://togithub.com/gruntjs/grunt/commit/9d23cb6)
- Remove path-is-absolute dependency [`e789b1f`](https://togithub.com/gruntjs/grunt/commit/e789b1f)
### [`v1.2.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.2.0)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.1.0...v1.2.0)
- Allow usage of grunt plugins that are located in any location that
is visible to Node.js and NPM, instead of node_modules directly
inside package that have a dev dependency to these plugin[https://github.com/gruntjs/grunt/pull/1677](https://togithub.com/gruntjs/grunt/pull/1677)nt/pull/1677)
- Removed coffeescript from dependencies. To ease transition, if
coffeescript is still around, Grunt will attempt to load it.
If it is not, and the user loads a CoffeeScript file,
Grunt will print a useful error indicating that the
coffeescript package should be installed as a dev dependency.
This is considerably more user-friendly than dropping the require entirely,
but doing so is feasible with the latest grunt-cli as users
may simply use grunt --require [https://github.com/gruntjs/grunt/pull/1675](https://togithub.com/gruntjs/grunt/pull/1675)thub.com/gruntjs/grunt/pull/1675)
- Exposes Grunt Option keys for ease of use.
([https://github.com/gruntjs/grunt/pull/1570](https://togithub.com/gruntjs/grunt/pull/1570)1570)
- Avoiding infinite loop on very long command names.
([https://github.com/gruntjs/grunt/pull/1697](https://togithub.com/gruntjs/grunt/pull/1697)1697)
### [`v1.1.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.1.0)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.4...v1.1.0)
- Update to mkdirp ~1.0.3
- Only support versions of Node >= 8
### [`v1.0.4`](https://togithub.com/gruntjs/grunt/compare/v1.0.3...v1.0.4)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.3...v1.0.4)
### [`v1.0.3`](https://togithub.com/gruntjs/grunt/compare/v1.0.2...v1.0.3)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.2...v1.0.3)
### [`v1.0.2`](https://togithub.com/gruntjs/grunt/compare/v1.0.1...v1.0.2)
[Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.1...v1.0.2)
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
1.0.1->1.5.3This PR resolves the vulnerabilities described in Issue #19
Version 1.0.1
| Risk ChangeVersion 1.5.3
| Risk ChangeVersion 1.6.0
| Risk ChangeMend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
Release Notes
gruntjs/grunt
### [`v1.5.3`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.3) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.5.2...v1.5.3) - Merge pull request [#1745](https://togithub.com/gruntjs/grunt/issues/1745) from gruntjs/fix-copy-op [`572d79b`](https://togithub.com/gruntjs/grunt/commit/572d79b) - Patch up race condition in symlink copying. [`58016ff`](https://togithub.com/gruntjs/grunt/commit/58016ff) - Merge pull request [#1746](https://togithub.com/gruntjs/grunt/issues/1746) from JamieSlome/patch-1 [`0749e1d`](https://togithub.com/gruntjs/grunt/commit/0749e1d) - Create SECURITY.md [`69b7c50`](https://togithub.com/gruntjs/grunt/commit/69b7c50) ### [`v1.5.2`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.2) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.5.1...v1.5.2) - Update Changelog [`7f15fd5`](https://togithub.com/gruntjs/grunt/commit/7f15fd5) - Merge pull request [#1743](https://togithub.com/gruntjs/grunt/issues/1743) from gruntjs/cleanup-link [`b0ec6e1`](https://togithub.com/gruntjs/grunt/commit/b0ec6e1) - Clean up link handling [`433f91b`](https://togithub.com/gruntjs/grunt/commit/433f91b) ### [`v1.5.1`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.1) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.5.0...v1.5.1) - Merge pull request [#1742](https://togithub.com/gruntjs/grunt/issues/1742) from gruntjs/update-symlink-test [`ad22608`](https://togithub.com/gruntjs/grunt/commit/ad22608) - Fix symlink test [`0652305`](https://togithub.com/gruntjs/grunt/commit/0652305) ### [`v1.5.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.5.0) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.4.1...v1.5.0) - Updated changelog [`b2b2c2b`](https://togithub.com/gruntjs/grunt/commit/b2b2c2b) - Merge pull request [#1740](https://togithub.com/gruntjs/grunt/issues/1740) from gruntjs/update-deps-22-10 [`3eda6ae`](https://togithub.com/gruntjs/grunt/commit/3eda6ae) - Update testing matrix [`47d32de`](https://togithub.com/gruntjs/grunt/commit/47d32de) - More updates [`2e9161c`](https://togithub.com/gruntjs/grunt/commit/2e9161c) - Remove console log [`04b960e`](https://togithub.com/gruntjs/grunt/commit/04b960e) - Update dependencies, tests... [`aad3d45`](https://togithub.com/gruntjs/grunt/commit/aad3d45) - Merge pull request [#1736](https://togithub.com/gruntjs/grunt/issues/1736) from justlep/main [`fdc7056`](https://togithub.com/gruntjs/grunt/commit/fdc7056) - support .cjs extension [`e35fe54`](https://togithub.com/gruntjs/grunt/commit/e35fe54) ### [`v1.4.1`](https://togithub.com/gruntjs/grunt/releases/tag/v1.4.1) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.4.0...v1.4.1) - Update Changelog [`e7625e5`](https://togithub.com/gruntjs/grunt/commit/e7625e5) - Merge pull request [#1731](https://togithub.com/gruntjs/grunt/issues/1731) from gruntjs/update-options [`5d67e34`](https://togithub.com/gruntjs/grunt/commit/5d67e34) - Fix ci install [`d13bf88`](https://togithub.com/gruntjs/grunt/commit/d13bf88) - Switch to Actions [`08896ae`](https://togithub.com/gruntjs/grunt/commit/08896ae) - Update grunt-known-options [`eee0673`](https://togithub.com/gruntjs/grunt/commit/eee0673) - Add note about a breaking change [`1b6e288`](https://togithub.com/gruntjs/grunt/commit/1b6e288) ### [`v1.4.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.4.0) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.3.0...v1.4.0) - Merge pull request [#1728](https://togithub.com/gruntjs/grunt/issues/1728) from gruntjs/update-deps-changelog [`63b2e89`](https://togithub.com/gruntjs/grunt/commit/63b2e89) - Update changelog and util dep [`106ed17`](https://togithub.com/gruntjs/grunt/commit/106ed17) - Merge pull request [#1727](https://togithub.com/gruntjs/grunt/issues/1727) from gruntjs/update-deps-apr [`49de70b`](https://togithub.com/gruntjs/grunt/commit/49de70b) - Update CLI and nodeunit [`47cf8b6`](https://togithub.com/gruntjs/grunt/commit/47cf8b6) - Merge pull request [#1722](https://togithub.com/gruntjs/grunt/issues/1722) from gruntjs/update-through [`e86db1c`](https://togithub.com/gruntjs/grunt/commit/e86db1c) - Update deps [`4952368`](https://togithub.com/gruntjs/grunt/commit/4952368) ### [`v1.3.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.3.0) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.2.1...v1.3.0) - Merge pull request [#1720](https://togithub.com/gruntjs/grunt/issues/1720) from gruntjs/update-changelog-deps [`faab6be`](https://togithub.com/gruntjs/grunt/commit/faab6be) - Update Changelog and legacy-util dependency [`520fedb`](https://togithub.com/gruntjs/grunt/commit/520fedb) - Merge pull request [#1719](https://togithub.com/gruntjs/grunt/issues/1719) from gruntjs/yaml-refactor [`7e669ac`](https://togithub.com/gruntjs/grunt/commit/7e669ac) - Switch to use `safeLoad` for loading YML files via `file.readYAML`. [`e350cea`](https://togithub.com/gruntjs/grunt/commit/e350cea) - Merge pull request [#1718](https://togithub.com/gruntjs/grunt/issues/1718) from gruntjs/legacy-log-bumo [`7125f49`](https://togithub.com/gruntjs/grunt/commit/7125f49) - Bump legacy-log [`00d5907`](https://togithub.com/gruntjs/grunt/commit/00d5907) ### [`v1.2.1`](https://togithub.com/gruntjs/grunt/releases/tag/v1.2.1) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.2.0...v1.2.1) - Changelog update [`ae11839`](https://togithub.com/gruntjs/grunt/commit/ae11839) - Merge pull request [#1715](https://togithub.com/gruntjs/grunt/issues/1715) from sibiraj-s/remove-path-is-absolute [`9d23cb6`](https://togithub.com/gruntjs/grunt/commit/9d23cb6) - Remove path-is-absolute dependency [`e789b1f`](https://togithub.com/gruntjs/grunt/commit/e789b1f) ### [`v1.2.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.2.0) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.1.0...v1.2.0) - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugin[https://github.com/gruntjs/grunt/pull/1677](https://togithub.com/gruntjs/grunt/pull/1677)nt/pull/1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency. This is considerably more user-friendly than dropping the require entirely, but doing so is feasible with the latest grunt-cli as users may simply use grunt --require [https://github.com/gruntjs/grunt/pull/1675](https://togithub.com/gruntjs/grunt/pull/1675)thub.com/gruntjs/grunt/pull/1675) - Exposes Grunt Option keys for ease of use. ([https://github.com/gruntjs/grunt/pull/1570](https://togithub.com/gruntjs/grunt/pull/1570)1570) - Avoiding infinite loop on very long command names. ([https://github.com/gruntjs/grunt/pull/1697](https://togithub.com/gruntjs/grunt/pull/1697)1697) ### [`v1.1.0`](https://togithub.com/gruntjs/grunt/releases/tag/v1.1.0) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.4...v1.1.0) - Update to mkdirp ~1.0.3 - Only support versions of Node >= 8 ### [`v1.0.4`](https://togithub.com/gruntjs/grunt/compare/v1.0.3...v1.0.4) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.3...v1.0.4) ### [`v1.0.3`](https://togithub.com/gruntjs/grunt/compare/v1.0.2...v1.0.3) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.2...v1.0.3) ### [`v1.0.2`](https://togithub.com/gruntjs/grunt/compare/v1.0.1...v1.0.2) [Compare Source](https://togithub.com/gruntjs/grunt/compare/v1.0.1...v1.0.2)