Open jamesleesaunders opened 1 month ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
SNYK-JS-INFLIGHT-6095116
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gh-pages
The new version differs by 125 commits.- 4b29930 6.2.0
- a3df19c Log changes
- 0b721f3 Merge pull request #581 from tschaub/updates
- 13b6efc Update globby
- 5a8c819 Merge pull request #578 from tschaub/dependabot/npm_and_yarn/sinon-19.0.2
- bf7ed42 Merge pull request #579 from tschaub/dependabot/npm_and_yarn/eslint-8.57.1
- e55b0dd Bump eslint from 8.57.0 to 8.57.1
- b525485 Bump sinon from 18.0.0 to 19.0.2
- fc668f2 Merge pull request #576 from tschaub/dependabot/npm_and_yarn/async-3.2.6
- d55ea9f Bump async from 3.2.5 to 3.2.6
- 202aa11 Merge pull request #573 from tschaub/dependabot/npm_and_yarn/mocha-10.7.3
- 1938ffc Bump mocha from 10.7.0 to 10.7.3
- bec3b5a Merge pull request #571 from tschaub/dependabot/npm_and_yarn/mocha-10.7.0
- 8c3f124 Bump mocha from 10.6.0 to 10.7.0
- bd04ece Merge pull request #569 from tschaub/dependabot/npm_and_yarn/mocha-10.6.0
- ee1139a Bump mocha from 10.4.0 to 10.6.0
- 7568804 Merge pull request #563 from tschaub/dependabot/npm_and_yarn/braces-3.0.3
- ea804b2 Bump braces from 3.0.2 to 3.0.3
- dd28911 Merge pull request #561 from tschaub/dependabot/npm_and_yarn/sinon-18.0.0
- 0912f47 Bump sinon from 17.0.2 to 18.0.0
- c9d7ef6 Merge pull request #557 from tschaub/dependabot/npm_and_yarn/sinon-17.0.2
- fc349cb Bump sinon from 17.0.1 to 17.0.2
- 985f370 Merge pull request #555 from tschaub/dependabot/npm_and_yarn/dir-compare-5.0.0
- d4f6bd1 Bump dir-compare from 4.2.0 to 5.0.0
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.