TwilioDevEd / twiliochat-laravel

Laravel implementation of Twilio Chat
https://www.twilio.com/docs/tutorials/walkthrough/ip-chat/php/laravel
MIT License

[Snyk] Security upgrade laravel-elixir from 4.2.1 to 5.0.0 #119

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-HOSTEDGITINFO-1088355 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: laravel-elixir

The new version differs by 11 commits.
  • 2def8c9 v5.0.0
  • b0bfaf6 Merge pull request #434 from SethTompkins/master
  • 4442316 add cache and package cache browserify options keys by default
  • cc5cab9 Remove some duplication
  • f0491ba Remove gulp-phpspec plugin
  • 5fa4b86 Remove gulp-phpunit - closes #418
  • e2b2a0f Bump gulp-uglify
  • 1a26399 Ignore bang when asserting files exist - closes #429
  • 7881b51 Wrote a test for the scripts to test if my changes broke anything.
  • 589f56c Moved Uglify Config to the Config.js
  • a95c787 Add 4.2.1 notes
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic