Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #25

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #25

wants to merge 1 commit into from

Conversation

duttonw
Copy link
Member

@duttonw duttonw commented Apr 18, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt-contrib-imagemin The new version differs by 12 commits.
  • 3352598 v1.0.0
  • 212ec99 Merge pull request #329 from sapegin/patch-1
  • 210552c Update imagemin to 4.0.0.
  • 240c7c3 package.json: fix non-standard license.
  • 940cdb4 Travis CI: install npm to fix test failures on node.js 0.10.
  • 70cbdd4 Update appveyor.yml.
  • 11daf26 CI: test node.js 4.0.
  • 93f6964 Merge pull request #313 from carterchung/master
  • db388f7 Fix punctuation error in README.md
  • 27467d0 update readme links
  • 21f151e Update appveyor.yml.
  • 3bb14c8 Small tweaks

See the full diff

Package name: grunt-contrib-jshint The new version differs by 9 commits.

See the full diff

Package name: grunt-contrib-uglify The new version differs by 74 commits.
  • d7704c4 v0.11.1
  • c129bf6 Merge pull request #377 from avdg/fix-screw-ie8-option-crash
  • d74556f Merge pull request #387 from joeldenning/patch-1
  • 758b7d5 Merge branch 'master' of github.com:gruntjs/grunt-contrib-uglify
  • 92c84c8 Point main to task
  • 0b00c0b Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
  • 52cc6ae Merge pull request #388 from swarajgiri/bump-dependencies
  • 2ff0283 Update lodash, maxmin and dev dependencies
  • 6352022 Improve documentation for conditional compilation
  • a6dd1cb Merge pull request #386 from ramswaroop/master
  • f3c4592 Update README.md
  • ea77dde Merge pull request #375 from jrhite/master
  • 63279df Update copyright to 2016
  • 71bf6f5 Merge branch 'master' of https://github.com/vibornoff/grunt-contrib-uglify into fix-screw-ie8-option-crash
  • be7de43 CI: Remove node.js '0.12' and add '5'.
  • 8578547 add handling of mangle_properties regex option in uglifyjs
  • 1deb3be v0.11.0
  • 13e95a2 Bump uglify-js to v2.6.0.
  • 17ee505 Revert "Do not use "^" versions, ever, use ~"
  • 2562bb2 v0.10.1
  • 326f932 Merge pull request #369 from Rialgar/patch-1
  • 7276245 Do not use "^" versions, ever, use ~
  • b8bd228 v0.10.0
  • e47d9e1 Merge pull request #361 from UltCombo/patch-1

See the full diff

Package name: load-grunt-config The new version differs by 36 commits.
  • f5fdb0d Release 0.18.0
  • 736d419 Updated load-grunt-tasks dependency from ~0.3.0 to ~3.3.0
  • 6be99f6 Release 0.17.2
  • e301bba Merge pull request #128 from luisfmsouza/master
  • d19f517 Updating dependencies
  • d97d6d0 Merge pull request #121 from SolomoN-ua/cson
  • 778e800 Updated cson dependency
  • c538e3b Merge pull request #120 from jigardafda/master
  • febabc4 removed unnecessary loop to find fullpaths
  • 264c425 Release 0.17.1
  • 952818d Merge branch 'master' into pr/95
  • 12a3595 fixed tests
  • 2c50e02 Revert "load js-yaml full schema support to allow regexp"
  • 141ff89 fixed jshint
  • 2f3da44 Merge branch 'firstandthird-master'
  • ca65cc6 Merge branch 'master' of https://github.com/firstandthird/load-grunt-config into firstandthird-master
  • 44f59ac Release 0.17.0
  • 852b041 Merge pull request #111 from eliep/master
  • a1967cd Merge pull request #97 from itkoren/yaml-full
  • ac34d09 Merge pull request #103 from FredyC/cson-support
  • 5def14a Merge pull request #113 from pierceray/descexample
  • 47be3d3 Merge pull request #106 from FredyC/custom-merge
  • a6ad5eb Adds a small example for adding a description to the yaml
  • c86f2ae Aliases to functions when the alias is an object with a description

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
c613571 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@duttonw @snyk-bot