
[Snyk] Fix for 1 vulnerabilities #13

Open
one3chens wants to merge 1 commit into master from snyk-fix-faff33b153412b47c9c02cf6b784f093

@one3chens
Member

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-GLOBPARENT-1016905 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: hexo-cli The new version differs by 114 commits.
  • 0335fce Merge pull request #101 from curbengh/3.0.0
  • 3ae4402 chore(deps-dev): bump mocha from 6.2.0 to 6.2.1 (#117)
  • 01a87f7 chore(deps-dev): bump eslint from 6.4.0 to 6.5.1 (#119)
  • 10326e8 Merge pull request #114 from hexojs/dependabot/npm_and_yarn/sinon-7.5.0
  • fd09efb Merge pull request #115 from hexojs/dependabot/npm_and_yarn/acorn-7.1.0
  • 979b89e Merge pull request #116 from hexojs/dependabot/npm_and_yarn/hexo-util-1.3.1
  • 1f25ab8 chore(deps): bump hexo-util from 1.2.0 to 1.3.1
  • 82409a2 chore(deps): bump acorn from 7.0.0 to 7.1.0
  • 968a6a7 chore(deps-dev): bump sinon from 7.4.2 to 7.5.0
  • ae2fb4a Merge pull request #113 from hexojs/dependabot/npm_and_yarn/hexo-log-1.0.0
  • 9cb01b6 Bump hexo-log from 0.2.0 to 1.0.0
  • 5f33447 fix(console): formatting output (#111)
  • da3b091 Bump eslint from 6.3.0 to 6.4.0 (#110)
  • bc68c5c Bump hexo-util from 1.1.0 to 1.2.0 (#109)
  • 8085f61 Bump hexo-util from 1.0.1 to 1.1.0 (#108)
  • 39f7e71 Bump sinon from 7.4.1 to 7.4.2 (#107)
  • 396f5aa Bump hexo-fs from 1.0.2 to 2.0.0 (#106)
  • c183d2b Bump eslint from 6.2.2 to 6.3.0 (#105)
  • 9939cb6 [Security] Bump mixin-deep from 1.3.1 to 1.3.2 (#103)
  • 7394f7f Bump hexo-util from 1.0.0 to 1.0.1 (#104)
  • 1b3c068 Bump eslint from 6.2.1 to 6.2.2 (#102)
  • 673e6b8 release: 3.0.0
  • 43a34b8 fix(doc): Moved travis-ci from .org to .com (#100)
  • 8aef007 Merge pull request #99 from hexojs/dependabot/npm_and_yarn/hexo-renderer-marked-2.0.0

See the full diff

Package name: hexo-fs The new version differs by 68 commits.
  • 780a5a9 Merge pull request #46 from curbengh/2.0.0
  • b108888 release: 2.0.0
  • 3cde091 Refactor(test): tuple to map (#45)
  • 2d2efcd Merge pull request #44 from segayuu/Refactor-test-1
  • 7d600ad Destructuring path module
  • ba54c11 Refactor test
  • bca03f3 Merge pull request #43 from segayuu/Refactor-useful-chai-as-promised
  • 21da957 Fix test: Usefull chai-as-promised
  • afc4e3e Install chai-as-promised
  • 0154d8a Merge pull request #41 from curbengh/badge
  • 8fec0e0 Merge pull request #42 from hexojs/dependabot/npm_and_yarn/escape-string-regexp-tw-2.0.0
  • 9071966 Update escape-string-regexp requirement from ^1.0.5 to ^2.0.0
  • 060fcba docs(readme): fix appveyor badge
  • 726da41 docs(readme): add npm link and fix appveyor link
  • 719038e Merge pull request #37 from hexojs/dependabot/npm_and_yarn/eslint-tw-6.0.1
  • d2100fb Merge pull request #38 from curbengh/nyc
  • 8c83d6e fix: hasOwnProperty syntax
  • 35df948 chore: deprecate npmignore (#40)
  • 6e32aed chore: add node 12 to appveyor (#39)
  • 1716d2a test: replace istanbul with nyc
  • 29643ad eslint fiixes
  • 491ae31 Update eslint requirement from ^5.16.0 to ^6.0.1
  • 571e1b9 fix chokidar update by removing support for nodejs 6 (#34)
  • 20cb85a Revert "Update escape-string-regexp requirement from ^1.0.5 to ^2.0.0" ([Snyk] Security upgrade cheerio from 0.20.0 to 0.22.0 one3chens/hexo#33)

See the full diff

Package name: nunjucks The new version differs by 250 commits.
  • 53d1223 Release v3.2.1
  • 93129bf Replace yargs with commander
  • 17691da Chokidar bump
  • 40dfdf0 Remove dead link
  • cefb1cf Prevent optional dependency Chokidar from loading when not watching
  • 1485a44 Add badges in README.md
  • 2246457 Add Mozilla Code of Conduct file
  • ff5571c Release v3.2.0
  • f997a52 Add NodeResolveLoader
  • 34b0a26 Fix syntax typos in CONTRIBUTING.md
  • 55e0b7a Set dash as joiner element
  • c99154e Update faq.md
  • 1338712 Emit 'load' events on Loader and Environment instances
  • 057e7b3 Add test for line/column info in user-function exception
  • bcf38f3 Emit line and column info for functions
  • fbddcd5 lexer more accurately tracks token line and column information
  • 889ef80 Add nodejs versions 10 and 11 to CI, remove 6 and 9
  • b828158 Fix documentation typo
  • 1370361 v3.1.7
  • 0a65e1f Fixes for replace example
  • 2946fb4 Removed postinstall-build in favor of npm prepare script
  • 9fd5bdb Add link to Plugin syntax highlighting for VSCode
  • 68ba15c Fix bug where exceptions were silently swallowed with synchronous render
  • 7c187ac tests: fix issue running tests on node 10.x

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905