SnowdogApps / magento2-frontools

Set of front-end tools for Magento 2 based on Gulp.js
MIT License
430 stars 142 forks

[Snyk] Security upgrade stylelint from 11.1.1 to 13.8.0 #414

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-HOSTEDGITINFO-1088355 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: stylelint

The new version differs by 250 commits.
  • 1b75f38 13.8.0
  • c84362f Prepare 13.8.0
  • 00c7d73 Update deps (#5041)
  • a1c8225 Bump jest from 26.6.1 to 26.6.3 (#5036)
  • da381ee Fix `disableRanges.test.js` that uses callbacks (#4991)
  • 2db70e9 Fix `isStandardSyntaxTypeSelector.test.js` that use callbacks (#4990)
  • bb19b6c Update CHANGELOG.md
  • c36b8d0 Add selector-attribute-name-disallowed-list (#4992)
  • d42f8da Update CHANGELOG.md
  • 1e6f944 Fix false negatives for dollar variables in *-notation (#5031)
  • d347a29 Bump jest-circus from 26.6.1 to 26.6.3 (#5034)
  • 4695069 Bump file-entry-cache from 5.0.1 to 6.0.0 (#5038)
  • bd207fa Bump np from 6.5.0 to 7.0.0 (#5037)
  • 467c4f9 Bump meow from 7.1.1 to 8.0.0 (#5015)
  • 4f0225a Bump v8-compile-cache from 2.1.1 to 2.2.0 (#5028)
  • 42f6c73 Bump eslint from 7.12.1 to 7.13.0 (#5029)
  • f0b5aa8 refactor documentation config (#5025)
  • 5a84657 Update CHANGELOG.md
  • 785b59d Add ignoreAtRules to property-no-unknown (#4965)
  • 60eb7b6 Bump eslint from 7.11.0 to 7.12.1 (#5017)
  • e2ea569 Bump typescript from 4.0.3 to 4.0.5 (#5016)
  • 078e9a6 Bump lint-staged from 10.4.0 to 10.5.1 (#5014)
  • d7db502 Bump remark-cli from 8.0.1 to 9.0.0 (#4996)
  • 2cddb6e Bump jest-circus from 26.5.3 to 26.6.1 (#5009)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
