Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #18

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #18

wants to merge 1 commit into from

Conversation

MaxMood96
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Uncaught Exception
SNYK-JS-YAML-5458867		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: postcss-cli The new version differs by 45 commits.

See the full diff

Package name: tailwindcss The new version differs by 250 commits.
  • bd03dec 3.1.5
  • 13c2ad0 update changelog
  • 1110d92 Update changelog
  • 62f0791 Add more explicit types for the default theme (#8780)
  • 6e75e6e Update esbuild to version 0.14.48
  • 5d04331 Update eslint-plugin-prettier to version 4.2.1
  • 10e1b39 Update jest to version 28.1.2
  • 6729524 Support font-weight in font-size utilities (#8763)
  • 1318cb6 Update changelog
  • 1029775 Add support for alpha values in safelist (#8774)
  • f135bfa chore: Set permissions for GitHub actions (#8550)
  • 8494f75 Don’t prefix selectors in arbitrary variants (#8773)
  • 5191ec1 Fix usage of special-character prefixes (#8772)
  • c8c4852 Update changelog
  • 445970d Fix usage of postcss.config.js in standalone CLI (#8769)
  • d4f1f15 Allows fallback values in plugin API helpers (#8762)
  • c47e666 Update postcss-load-config to version 4.0.1 (#8686)
  • 7b03ee9 Update cssnano to version 5.1.12
  • 60a0ae2 Update resolve to version 1.22.1
  • 340cca9 Update eslint to version 8.18.0
  • 1a30ca0 3.1.4
  • 9f479f2 update changelog
  • 9c9ce36 Update prettier to version 2.7.1
  • 35b070e Fix typo in changelog

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
1b0e718 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-YAML-5458867
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@MaxMood96 @snyk-bot