kmaida / mean-rBox

Recipe box MEAN stack application for creating, storing, and filing recipes.
https://rbox.kmaida.net
MIT License
1 stars 0 forks source link

[Snyk] Security upgrade imagemin from 3.2.2 to 5.0.0 #76

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: imagemin The new version differs by 19 commits.
  • 024fc60 5.0.0
  • ff8b4e6 Use promise based API (#162)
  • 9058626 Merge pull request #144 from ntwb/ci-nodejs-versions
  • 421d832 Merge pull request #146 from jorrit/fix-tests
  • 76ee13e Fixes tests by using is() instead of assert()
  • 3370a9d CI: Test using NodeJS 0.12.x, 4.x.x, and 5.x.x
  • 54785c8 Tweak AppVeyor
  • 6a548d0 Follow up the syntax changes in ava 0.7.0
  • c1df2f6 tweaks
  • ad6aa7a 4.0.0
  • 8e31603 return passthrough stream if the optional dep is not installed
  • 23aa675 Use object stream explicitly
  • ab063fb Fix anchors in readme.md
  • e647e59 Bump vinyl-fs from 1.x to 2.x
  • a2218f0 Test on the latest stable Node
  • 4ad7ab3 test with io.js v3.x on AppVeyor
  • 5cced74 Add `sudo: false` to `.travis.yml`
  • a2330f4 Small tweaks
  • b3992a0 Split API and CLI
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic