alistapart / pattern-library

The ALA Pattern Library.
http://patterns.alistapart.com/
MIT License

[Snyk] Security upgrade grunt from 1.0.4 to 1.3.0 #54

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-ASYNC-2441827 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt
The new version differs by 40 commits.
  • 6f49017 1.3.0
  • faab6be Merge pull request #1720 from gruntjs/update-changelog-deps
  • 520fedb Update Changelog and legacy-util dependency
  • 7e669ac Merge pull request #1719 from gruntjs/yaml-refactor
  • e350cea Switch to use `safeLoad` for loading YML files via `file.readYAML`.
  • 7125f49 Merge pull request #1718 from gruntjs/legacy-log-bumo
  • 00d5907 Bump legacy-log
  • 3b75085 1.2.1
  • ae11839 Changelog update
  • 9d23cb6 Merge pull request #1715 from sibiraj-s/remove-path-is-absolute
  • e789b1f Remove path-is-absolute dependency
  • 27bc5d9 Merge pull request #1714 from gruntjs/release-1.2.0
  • 64a3cf4 Release v1.2.0
  • 0d23eff Merge pull request #1570 from bhldev/feature-options-keys
  • ee70306 Merge pull request #1697 from philz/1696
  • 05c0634 Merge pull request #1712 from gruntjs/fix-lint
  • cdd1c19 fix lint in file.js
  • bc168e3 Merge pull request #1283 from greglittlefield-wf/recognize-relative-links
  • 5f16b5a Merge pull request #1675 from STRML/remove-coffeescript
  • 58f80ae Merge pull request #1677 from micellius/monorepo-support
  • 1f61427 Add CODE_OF_CONDUCT.md
  • 4c6fcd9 Merge pull request #1709 from NotMoni/patch-1
  • 169d496 add link to license
  • 288ea76 add license link

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
