search

turkdevops / karma-jasmine

A Karma plugin - adapter for Jasmine testing framework.
MIT License
0 stars 0 forks source link

[Snyk] Upgrade grunt from 1.3.0 to 1.5.1 #105

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade grunt from 1.3.0 to 1.5.1.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
npm:underscore.string:20170908		 375/1000
Why? CVSS 7.5		 No Known Exploit
Prototype Pollution
SNYK-JS-ASYNC-2441827		 375/1000
Why? CVSS 7.5		 Proof of Concept
Directory Traversal
SNYK-JS-GRUNT-2635969		 375/1000
Why? CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: grunt from grunt GitHub release notes
Commit messages
Package name: grunt
  • d5969ec 1.5.1
  • ad22608 Merge pull request #1742 from gruntjs/update-symlink-test
  • 0652305 Fix symlink test
  • a7ab0a8 1.5.0
  • b2b2c2b Updated changelog
  • 3eda6ae Merge pull request #1740 from gruntjs/update-deps-22-10
  • 47d32de Update testing matrix
  • 2e9161c More updates
  • 04b960e Remove console log
  • aad3d45 Update dependencies, tests...
  • fdc7056 Merge pull request #1736 from justlep/main
  • e35fe54 support .cjs extension
  • ee722d1 1.4.1
  • e7625e5 Update Changelog
  • 5d67e34 Merge pull request #1731 from gruntjs/update-options
  • d13bf88 Fix ci install
  • 08896ae Switch to Actions
  • eee0673 Update grunt-known-options
  • 1b6e288 Add note about a breaking change
  • ffa6775 1.4.0
  • 63b2e89 Merge pull request #1728 from gruntjs/update-deps-changelog
  • 106ed17 Update changelog and util dep
  • 49de70b Merge pull request #1727 from gruntjs/update-deps-apr
  • 47cf8b6 Update CLI and nodeunit
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

pull-dog[bot] commented 2 years ago

*Ruff* :dog: I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file :weary: Make sure the given paths are correct.

Files checked:

What is this? Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a `docker-compose.yml` file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available. Visit our website to learn more.
Commands - `@pull-dog up` to reprovision or provision the server. - `@pull-dog down` to delete the provisioned server.
Troubleshooting Need help? Don't hesitate to file an issue in our repository **Configuration** ```json { "isLazy": false, "dockerComposeYmlFilePaths": [ "docker-compose.yml" ], "expiry": "00:00:00", "conversationMode": "singleComment" } ``` **Trace ID** 424d38f0-ca34-11ec-9526-a4a5a105498f
guardrails[bot] commented 2 years ago

:warning: We detected 1 security issue in this pull request:

Mode: paranoid | Total findings: 1 | Considered vulnerability: 1

Vulnerable Libraries (1)
Severity | Details ----- | -------- Medium | [grunt@1.5.1](https://github.com/turkdevops/karma-jasmine/blob/50cdc4dfff40f2923901d5278ca77f7c9f426008/package.json#L35) upgrade to: *>=1.5.2* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.