Skip to content
This repository has been archived by the owner on Oct 4, 2022. It is now read-only.

[Snyk] Fix for 1 vulnerabilities #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #1

wants to merge 1 commit into from

Conversation

tristandlawrence
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ember-cli-babel The new version differs by 250 commits.
  • 0b83e42 7.0.0
  • fcf317f Merge pull request #140 from babel/babel-7
  • d01d724 Prevent issues with @ babel/preset-env getting unknown options.
  • 1ea60c3 Merge branch 'master' into babel-7
  • 6955f46 Drop support for ember-cli < 2.13.
  • eb03764 Merge changes from master...
  • c58ae85 6.17.0
  • 5486b3e Add recent releases to changelog...
  • ec3f25c Merge pull request #241 from arthirm/master
  • af16202 Bumping broccoli-babel-transpiler
  • b4528ff Update test to properly match plugin style.
  • 2ea0e47 Remove brittle (and unneeded) tests.
  • 9671601 7.0.0-beta.5
  • 1167211 Remove stray .only.
  • cf8f7ee Fix issue with @ babel/polyfill update.
  • b4ea00d 7.0.0-beta.4
  • e53e927 Update dependencies.
  • 1e494d6 Update babel-polyfill -> @ babel/polyfill.
  • 7008a5f Use release version of broccoli-babel-transpiler.
  • 932a1d0 Merge pull request #239 from dfreeman/green-tests
  • a185133 Get tests passing with throwUnlessParallelizable: true
  • 6d11f44 Merge pull request #237 from babel/rwjblue-patch-1
  • b96e5cb Use correct preset env...
  • f9e4f17 Fix file: reference in package.json.

See the full diff

Package name: ember-cli-deploy-gzip The new version differs by 11 commits.
  • 65bc3c1 Specify npm registry
  • 062a0ac Update changelog plugin
  • 75b89a9 Merge pull request #34 from ember-cli-deploy/internal/update-deps
  • cef0f64 Merge pull request #33 from avdv/keep-mtime
  • 84a3787 Merge pull request #30 from jrjohnson/no-woff
  • e42bf7d Add release-it
  • f88bb2d Update dependencieso
  • bfba0bf travis: Upgrade nodejs version to 8
  • 0137bc3 Keep the modification time the same as the original
  • 0b45579 Fix test for "gzips the matching files which are not ignored"
  • 3634030 Skip compressing already compressed font files

See the full diff

Package name: ember-cli-deploy-s3 The new version differs by 26 commits.
  • aad8fde Release 2.0.0
  • 41297f8 Update test deps
  • fdeeb2d Merge pull request #120 from ember-cli-deploy/dependabot/npm_and_yarn/eslint-4.18.2
  • 64a77dd Bump eslint from 3.19.0 to 4.18.2
  • 1f6152e Merge pull request #117 from ember-cli-deploy/dependabot/npm_and_yarn/lodash.merge-4.6.2
  • 6b93f59 Merge pull request #118 from ember-cli-deploy/dependabot/npm_and_yarn/handlebars-4.7.6
  • fd79d0e Merge pull request #121 from ember-cli-deploy/dependabot/npm_and_yarn/js-yaml-3.13.1
  • 44d15fc Bump handlebars from 4.0.6 to 4.7.6
  • 3e6d6ba Bump lodash.merge from 4.6.0 to 4.6.2
  • c638ad5 Bump js-yaml from 3.8.2 to 3.13.1
  • 20777e0 Merge pull request #119 from ember-cli-deploy/chore/update-deps
  • 1ed4d6a Update core-object
  • f469aa4 Use release-it instead of ember-cli-release
  • 138c36d Update ember-cli
  • 23befbd Merge pull request #116 from ember-cli-deploy/chore/node-10
  • 491e1e2 Use node 10, lowest current node LTS
  • 71a84ad Merge pull request #100 from peavers/master
  • aa8f204 Merge pull request #111 from tbartelmess/master
  • 34844bb Merge pull request #106 from prem-chandar/content_type_gzbr_fix
  • e6c79dc Merge pull request #112 from dcyriller/doc-file-pattern
  • a80014c [DOC] `filePattern`: add link to minimatch
  • ed84ce2 [DOC] Added endpoint to README.md
  • 840965c Added an option to specify an endpoint
  • 8b0a9cb contentType handled properly

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
55c1f27 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tristandlawrence @snyk-bot