[Snyk] Fix for 5 vulnerabilities #1138

aliscco · 2023-04-28T14:50:22Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- test/acceptance/workspaces/yarn-app/node_modules/marked/package.json
- test/acceptance/workspaces/yarn-app/node_modules/marked/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

55eb23a Release: 4.0.0
173a532 Docs: Fix the installation instructions
ec54d09 Docs: Improve note about out-of-date docs
03b7c98 Docs: Update recipes to install gulp@next
2eba29e Docs: Remove run-sequence from recipes
76eb4d6 Docs: Add installation instructions & update badges
fbc162f Docs: Remove references to gulp-util
3011cf9 Scaffold: Normalize repository
f27be05 Update: Remove graceful-fs from test suite
361ab63 Upgrade: Update glob-watcher
064d100 Build: Avoid broken node 9
057df59 Release: 4.0.0-alpha.3
c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
89acc5c Docs: Improve ES2015 task exporting examples ([Snyk] Fix for 3 vulnerabilities #1999)
0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md ([Snyk] Security upgrade grpc from 1.22.2 to 1.24.11 #1859)
723cbc4 Docs: Fix syntax in recipe example ([Snyk] Fix for 1 vulnerabilities #1715)
d420a6a Docs: Have gulp.lastRun take a function to avoid task registration ([Snyk] Security upgrade celery from 4.3.0 to 4.4.0rc5 #1828)
29ece6f Upgrade: Update undertaker
e931cb0 Docs: Fix changelog typos ([Snyk] Fix for 1 vulnerabilities #1696)
477db84 Docs: Add a "BrowserSync with Gulp 4" recipe ([Snyk] Fix for 1 vulnerabilities #1659)
d4ed3c7 Docs: Add options.cwd for gulp.src API ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #1645)
5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
c3dbc10 Docs: Clarify incremental builds example ([Snyk] Security upgrade ava from 0.0.4 to 0.1.0 #1609)

See the full diff

Package name: gulp-uglify

The new version differs by 37 commits.

76b5b3a fix(package): update files array
5d4c4c6 chore(all): refactor unit tests
f2b779b feat(composer): implement new API for composing deps
dbbba30 fix(minify): log warnings to gulplog
4cc8751 feat(uglify): add support for UglifyJS3
ad73ab8 chore(pkg): update dependencies, run lint
4656fe5 2.1.2
ba83a45 fix(package): move eslint dependencies to dev
3d0f155 2.1.1
c722ab9 fix(errors): restore file and line info
da3e18f chore(prettier): setup prettier
ec8ba54 fix(tests): UglifyJS errors use "message" property
6c336ec v2.1.0
35c33f1 chore(uglifyjs): loosen uglify-js pin
74b6eff 2.0.1
832b427 chore(package): update uglify-js to version 2.7.5
1bf0f72 docs(README): link to Why Use Pump?
ccdc482 docs(pump): fix typo
5ddafd2 chore(package): update uglify-js to version 2.7.4
d5801ca chore(greenkeeper): ignore "gulp-sourcemaps" dependency
129df84 chore(package.json): update repository field
533ee01 fix(package): update uglify-js to version 2.7.3
1f2c508 docs(why-use-pump): fix plugin name
2829956 docs(README): fix typo

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

…json & test/acceptance/workspaces/yarn-app/node_modules/marked/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/npm:minimatch:20160620 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:minimatch:20160620

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 5 vulnerabilities #1138

[Snyk] Fix for 5 vulnerabilities #1138

aliscco commented Apr 28, 2023

[Snyk] Fix for 5 vulnerabilities #1138

Are you sure you want to change the base?

[Snyk] Fix for 5 vulnerabilities #1138

Conversation

aliscco commented Apr 28, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

With a Snyk patch: