SnowdogApps / magento2-frontools

Set of front-end tools for Magento 2 based on Gulp.js
MIT License
430 stars 142 forks source link

[Snyk] Security upgrade marked from 1.2.2 to 2.0.0 #412

Closed Igloczek closed 3 years ago

Igloczek commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-1070800
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: marked The new version differs by 100 commits.
  • 8a7502f chore(release): 2.0.0 [skip ci]
  • 9d3a781 šŸ—œļø build [skip ci]
  • 7293251 fix: Total rework of Emphasis/Strong (#1864)
  • f848e77 fix: Join adjacent inlineText tokens (#1926)
  • f2535f1 chore(release): 1.2.9 [skip ci]
  • f0dc8a2 šŸ—œļø build [skip ci]
  • 1e36afd fix: allow sublist to be single space in pedantic (#1924)
  • b97b802 chore(deps-dev): Bump rollup from 2.38.0 to 2.38.3 (#1922)
  • 409ef11 chore(deps-dev): Bump @ rollup/plugin-babel from 5.2.2 to 5.2.3 (#1917)
  • f86549d chore(deps-dev): Bump rollup from 2.38.0 to 2.38.2 (#1916)
  • b2fe7c1 chore(deps-dev): Bump uglify-js from 3.12.5 to 3.12.6 (#1919)
  • aec6b9d chore(deps-dev): Bump @ rollup/plugin-commonjs from 17.0.0 to 17.1.0 (#1918)
  • afb285d chore(deps-dev): Bump eslint from 7.18.0 to 7.19.0 (#1920)
  • 57d41b8 chore(release): 1.2.8 [skip ci]
  • 608ba7c šŸ—œļø build [skip ci]
  • 53c79ee fix: leave whitespace only lines alone (#1889)
  • 42a18f1 chore(deps-dev): Bump rollup from 2.36.2 to 2.38.0 (#1910)
  • be27b84 chore(deps-dev): Bump uglify-js from 3.12.4 to 3.12.5 (#1911)
  • 5f4a931 chore(deps-dev): Bump jasmine from 3.6.3 to 3.6.4 (#1912)
  • c457c53 chore(deps-dev): Bump semantic-release from 17.3.3 to 17.3.7 (#1913)
  • e1392c2 chore(deps-dev): Bump rollup from 2.36.1 to 2.36.2 (#1901)
  • e9ce0ee chore(deps-dev): Bump eslint from 7.17.0 to 7.18.0 (#1902)
  • e3e33ee chore(deps-dev): Bump semantic-release from 17.3.1 to 17.3.3 (#1903)
  • 659e558 chore(deps-dev): Bump @ semantic-release/npm from 7.0.9 to 7.0.10 (#1904)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic