Open lirantal opened 3 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 5.3
SNYK-JS-GLOBPARENT-1016905
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gulp-imagemin
The new version differs by 5 commits.- 6c35e59 6.1.0
- 92e224a Update dependencies
- 97cd1c3 6.0.0
- 6e091ed Require Node.js 8
- c1c3346 Create funding.yml
See the full diffPackage name: gulp-nodemon
The new version differs by 10 commits.- 7fcbc06 NPM audit. Closes #176.
- 5100088 Merge pull request #174 from JacksonGariety/dependabot/npm_and_yarn/diff-3.5.0
- 7c0c02e Merge pull request #173 from JacksonGariety/dependabot/npm_and_yarn/growl-1.10.5
- fe95e64 Merge pull request #172 from JacksonGariety/dependabot/npm_and_yarn/mixin-deep-1.3.2
- a8d4391 Merge pull request #171 from JacksonGariety/dependabot/npm_and_yarn/lodash-4.17.15
- 3b01d33 Bump diff from 1.0.8 to 3.5.0
- 5bd5530 Bump growl from 1.8.1 to 1.10.5
- c5f4120 Bump mixin-deep from 1.3.1 to 1.3.2
- f634d93 Bump lodash from 2.4.2 to 4.17.15
- 028d498 Version bump
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic