tkadlec / grunt-perfbudget

Grunt task for performance budgeting.
MIT License

[Snyk] Security upgrade webpagetest from 0.3.9 to 0.4.0 #44

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- |
| medium severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-CSVPARSE-467403 | No | No Known Exploit |
| high severity | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476 | No | No Known Exploit |
| high severity | Regular Expression Denial of Service (ReDoS) npm:diff:20180305 | No | Proof of Concept |
| high severity | Arbitrary Code Injection npm:growl:20160721 | No | No Known Exploit |

Commit messages

Package name: webpagetest
The new version differs by 24 commits.
  • 03f1b35 bump node version
  • eeac4eb bump node version
  • 06c0f31 bump node version
  • be241df bump node version
  • a8699fd bump travis node version
  • 3cdf8ee bump min node version
  • a3bd9d0 Merge branch 'master' of github.com:marcelduran/webpagetest-api
  • 86a40a5 Update dependencies, tests, readme, and copyright info.
  • 2005d5f Merge pull request #126 from SunnyGurnani/master
  • 211349e Merge pull request #128 from zmknox/master
  • eef32f2 fix mocha version
  • b23c01b Merge branch 'master' of github.com:zmknox/webpagetest-api
  • 6ebaf7f fix mocha version
  • 0bb1e6a fix mocha version
  • 209d6cb package bump
  • b5d4852 dependency fix and bump node to v4
  • afad5e9 Fixed keyString
  • 5b8ed79 Made find as an Array so multiple regex can be supplied
  • 83f56b1 Merge pull request #121 from stephendonner/patch-1
  • 2a69a2b Added Pattern to error text
  • 82849e6 Added error if regex data not found
  • e337ca9 Fixed bug with invalid path and added functionality to find through regex
  • a5b28e1 Added TestId if test is run with specs
  • ba3ce04 Bump xml2js to latest, 0.4.19
See the full diff

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
