topcoder-platform / tc-notifications


[Snyk] Fix for 1 vulnerabilities #226

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000. Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-UGLIFYJS-1727251 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-inline-source
The new version differs by 3 commits.
  • 213d934 chore: update node support
  • 2ed7510 feat: update to inline-source 6.1.8 (#48)
  • e36a083 chore(ci): rm unnecessary .npmrc creation

Package name: handlebars
The new version differs by 22 commits.
  • 8d22e6f v4.0.12
  • 3c970cc Update release notes
  • abba3c7 Update release notes
  • 4bf1c4f Update release notes
  • 41b6a11 Merge branch '4.x' of github.com:wycats/handlebars.js into 4.x
  • 2d28f92 bump grunt-plugin-dependencies to 1.x versions
  • 29b1744 style: omit linting error caused by removing "if"
  • d130ed2 chore: bump various dependencies
  • 2145c14 bump grunt-plugin-dependencies to 1.x versions
  • 8359722 style: omit linting error caused by removing "if"
  • a1d864d chore: bump various dependencies
  • 0ddff8b unnecessary check
  • 288e986 Docs: Document branches in the CONTRIBUTING guide
  • 30df8a1 Testcase for accessing @ root from a partial-block
  • cda544b Add package.json to components shim
  • 69c6ca5 Use `files` field
  • a4e39bd Fix release-notes (links to contributors` pages)
  • b86b918 Fix release-notes (links to github-repo)
  • d3d3942 upgrade uglify-js
  • 73d5637 Update dependencies "async" to 2.5.0 and "source-map" to 0.6.1
  • 7729aa9 Update grunt-eslint to 20.1.0
  • 8947dd0 Update jsfiddle to 4.0.11

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
