SnowdogApps / magento2-frontools

Set of front-end tools for Magento 2 based on Gulp.js
MIT License
430 stars 142 forks

[Snyk] Security upgrade stylelint from 11.1.1 to 13.0.0 #413

Closed Igloczek closed 3 years ago

Igloczek commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-GLOBPARENT-1016905 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: stylelint The new version differs by 192 commits.
  • 04af9e4 13.0.0
  • 704f6a2 Prepare 13.0.0
  • 50ba8a9 Reorder changelog
  • 1666bba Update devDependencies (#4542)
  • 062d298 Reindent nodejs.yml (#4541)
  • a24e44a Fix atypical rule README structure (#4537)
  • 616ad71 Bump husky from 4.0.3 to 4.0.6 (#4536)
  • 5e58ee7 Bump globby from 10.0.2 to 11.0.0 (#4528)
  • eaee6a4 Refactor CLI options definition (#4530)
  • 6a2ffbd Fix plugin path
  • 644b713 Fix Windows path problem
  • 1005cbd Add info about invalid syntax in FAQ (#4535)
  • 18b1f99 Fix help text indentation (#4531)
  • d3c4a9f Update CHANGELOG.md
  • 32f67e7 Update CHANGELOG.md
  • 04ec577 Bump globby from 10.0.1 to 11.0.0
  • d9dbce2 Process multiple spaces in media-feature-parentheses-space-inside (#4513)
  • 1dc203e Regenerate package-lock.json (#4517)
  • 36bf292 Bump husky from 3.1.0 to 4.0.3 (#4527)
  • f5529d5 Bump @types/micromatch from 3.1.1 to 4.0.0 (#4526)
  • a254fd2 Bump got from 10.2.0 to 10.2.1 (#4525)
  • f2e9f02 Bump remark-validate-links from 9.0.1 to 9.1.0 (#4524)
  • 74d5233 Remove unneeded `@types/meow` package (#4523)
  • cef0b95 Update CHANGELOG.md

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
