Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #27

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: grunt The new version differs by 10 commits.
  • 9ba3a99 1.0.3
  • eee4c33 Changelog v1.0.3
  • 46da7f2 Merge pull request #1636 from gruntjs/upt
  • 00f4d8a Drop support for Node 0.10 and 0.12
  • e852727 util update
  • 56d702e Update deps
  • 0105524 Fix race condition with file.mkdir and make it operate more similarily to mkdir -p (#1627) r=@vladikoff
  • 303d445 https links (#1629)
  • d969132 Merge pull request #1624 from gruntjs/rm-bump-deps
  • 289ff91 Remove old bump task and deps

See the full diff

Package name: grunt-contrib-watch The new version differs by 16 commits.
  • 6ec71e9 v1.0.1
  • 7d20933 Update copyright year
  • e3d19df Update ci configs
  • d117574 Updating ci configs
  • 99410a7 README.md: Fixed typos (#536)
  • 7f8cf80 Add local grunt-cli
  • ab6771e Drop back to grunt@0.4.5 until the bad test helper can be sorted
  • 2e2daa5 Update to gaze@1.1.0
  • 3d7fa3a Avoid timing issue in tests because of the bad test helper
  • 0130a16 Merge pull request #500 from gruntjs/deps
  • 5289845 Update devDependencies.
  • fd3ed7a Lint tweaks.
  • e42386a Merge pull request #501 from cepko33/master
  • 8c93077 Updated lodash and changed outdated 'contains' to 'includes'
  • 986b8a9 Update CHANGELOG.
  • 5e155ec Add AppVeyor for Windows testing.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot snyk-bot mentioned this pull request Nov 6, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Jan 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot