Snyk has created this PR to upgrade autoprefixer from 10.2.1 to 10.4.0.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 14 versions ahead of your current version.
The recommended version was released 2 months ago, on 2021-10-28.
Snyk has created this PR to upgrade autoprefixer from 10.2.1 to 10.4.0.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. :sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-NODEFORGE-2331910
Why? Proof of Concept exploit, Recently disclosed, CVSS 5.4
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: autoprefixer
In Autoprefixer 10.4 @ lukewarlow added
:autofill
support:nanocolors
topicocolors
.nanocolors
.colorette
tonanocolors
.stretch
value in latest Firefox.-moz-
prefix from::file-selector-button
(by @ usmanyunusov).Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
👩💻 Set who automatically gets assigned
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs