SnowdogApps / magento2-frontools

Set of front-end tools for Magento 2 based on Gulp.js
MIT License
430 stars 142 forks

[Snyk] Fix for 1 vulnerabilities #428

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-sass
The new version differs by 5 commits.
  • 5775044 Update CHANGELOG.md
  • 978b8f6 Update to major version 5 (#802)
  • 10eae93 Update changelog for 4.1.1
  • 947b26c Upgrade lodash to fix a security issue (#776)
  • 8d6ac29 Update changelog
See the full diff
Package name: stylelint
The new version differs by 250 commits.
  • cf2f45f 13.7.0
  • 797cc84 Prepare 13.7.0
  • fb4287c Prepare changelog
  • d725b88 Update dependencies
  • 9401f56 Update CHANGELOG.md
  • 2b7e8ad Deprecate *-blacklist/*-requirelist/*-whitelist (#4892)
  • 181f3d9 Fix some path / glob problems (#4867)
  • 3cfc658 Update CHANGELOG.md
  • 0a17b64 Add a reportDescriptionlessDisables flag (#4907)
  • 5446be2 Fix CHANGELOG.md format via Prettier (#4910)
  • 260e743 Fix callbacks in tests (#4903)
  • d0a150e Update CHANGELOG.md
  • 2c4d77f Fix false positives for trailing combinator in selector-combinator-space-after (#4878)
  • e2da124 Add coc-stylelint (#4901)
  • fd1875d Update CHANGELOG.md
  • e124033 Add support for *.cjs config files (#4905)
  • 858dcd5 Add a reportDisables secondary option (#4897)
  • 40e60ce Support multi-line disable descriptions (#4895)
  • 03f494d faster levenshtein (#4874)
  • a5b8277 Update CHANGELOG.md
  • 9e1edfa Fix TypeError for custom properties fallback in length-zero-no-unit (#4860)
  • 1e52251 Update CHANGELOG.md
  • 53f5c18 Add autofix to *-no-vendor rules (#4859)
  • 23c0e81 Bump @stylelint/postcss-css-in-js from 0.37.1 to 0.37.2 (#4888)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
