[Snyk] Fix for 1 vulnerabilities #27

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: postcss-calc
The new version differs by 80 commits.
  • cefd2c3 8.0.0
  • 44847c3 Update dependencies
  • 6826ba5 update: use PostCSS 8 API. (#125)
  • f16d55c chore(release): 7.0.5
  • 5621761 fix: reduction(#121)
  • 111a48d 7.0.4
  • 9807c5e Correctly handle summands that cancel out and pull out common factors
  • 7a3bc58 chore(release): 7.0.3
  • 0282bdc fix: substracted css-variable from zero (#111)
  • 295b1df Bump acorn from 6.1.1 to 6.4.1 (#105)
  • bcae630 7.0.2
  • 5fcc943 Update dependencies (#102)
  • 6260789 fix: incorrect reduction of subtraction from zero (#88) (#93)
  • 29ff26e refactor: reducer
  • 0f01794 refactor: reducer
  • d71d9cf fix: doesn't remove calc for single function
  • b5e20dc refactor: parser (#86)
  • b91c6e9 feat: relax parser on unknown units (#85)
  • 69a3ca0 refactor: convert unit utils (#84)
  • 1cd2c5f fix: handle numbers with exponen composed (#83)
  • c4db282 test: comments (#82)
  • 112178b ci: add node@10 (#81)
  • 5e55420 test: newline (#80)
  • 016a444 fix: handle plus sign before value (#79)

See the full diff

Package name: postcss-cli
The new version differs by 250 commits.
  • 9e03d5c 8.0.0
  • ed69076 Remove obsolete failing test
  • a4998fa Support postcss v8 (#349)
  • 66b6055 Update dependency yargs to v16 (#340)
  • 1c3ebba Upgrade eslint & eslint-config-problems (#339)
  • 77d2c1d Clean up 'use strict' usage
  • 031aa10 Update dependency prettier to ~2.1.0 (#337)
  • d94f0c6 7.1.2
  • a36f630 Organize and clarify --help text (#336)
  • 91d6ef6 Output plain version number (#335)
  • e2bed8c Update dependency get-stdin to v8 (#327)
  • 5df1399 Update dependency uuid to v8 (#325)
  • d2e7678 7.1.1
  • 0758cd1 Do not use package-lock.json
  • 8b39a4e Update dependency uuid to v7 (#318)
  • 7a9c4ef Fix: External source maps not being generated (#324)
  • 47104bc Update dependency chalk to v4 (#322)
  • 96699c1 Update dependency prettier to v2 (#319)
  • 42fc85e Update dependency globby to v11 (#317)
  • 7574638 Configure Renovate (#316)
  • 62ac6a4 Update fs-extra to version 9.0.0 (#315)
  • e6828a9 Update dependency-graph to version 0.9.0 (#311)
  • 459cc48 Update eslint-config-problems to the latest version 🚀 (#310)
  • 6b0666e Update ava to version 3.1.0 (#309)

See the full diff

Package name: precss
The new version differs by 14 commits.
  • bafe9c3 3.0.0
  • 559e84d 2.0.0
  • a229fd8 package.json
  • 867b221 Update plugin organization
  • bd71070 Merge branch 'master' of github.com:jonathantneal/precss
  • 6c51f13 PostCSS 6 - updated dependencies
  • d25d0ac README.md - Use scss for code blocks
  • cd3279d Merge pull request #85 from jboelen/patch-1
  • 2935fae .travis.yml - Node 4
  • c2520f6 Merge pull request #72 from pacosegovia/master
  • eb4866f Merge pull request #79 from RobLoach/fix-tests
  • 1ba6285 Update postcss-partial-import dependency
  • b9f8293 Fix the tests
  • 04635ea Update README.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640