New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 9 vulnerabilities #23

Open

baby636 wants to merge 1 commit into v1-dev from snyk-fix-4bb71d64391803e79bc3ca4bf0f9cbf8

Owner

baby636 commented Oct 21, 2022

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

⚠️

Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	715/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-NODESASS-535497	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	No	Proof of Concept
	600/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-535503	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	No	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	No	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-540974	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-sass

The new version differs by 9 commits.

2b662db 3.0.0
64f6444 Add support for Dart Sass (reattach events Dogfalo/materialize#283)
683ad07 Meta tweaks
12138d1 Fix linting
26c31c0 Require Node.js 8
276257e 2.1.0
cfb6b53 Force the latest verison of node-sass
b7087c6 Travis CI: Add Node.js 7 (Updated the range input code sample Dogfalo/materialize#270)
e9187e2 Lock the XO dependency

See the full diff

Package name: node-sass

The new version differs by 208 commits.

918dcb3 Lint fix
0a21792 Set rejectUnauthorized to true by default (Remove hidden options from UI Dogfalo/materialize#3149)
e80d4af chore: Drop EOL Node 15 (Datepicker closeOnSelect Workaround Breaks Date Formatting Dogfalo/materialize#3122)
d753397 feat: Add Node 17 support (Invalid bower.json Dogfalo/materialize#3195)
dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
80d6c00 chore: Windows x86 on GitHub Actions (Modal top:50% Dogfalo/materialize#3041)
566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (Forum for user support Dogfalo/materialize#3102)
7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (Disable toast when toast have specific class Dogfalo/materialize#3156)
2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (Search bar issue on Chrome Dogfalo/materialize#3161)
fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
6200b21 docs: Double word "support" (Suggestion: Make .valign-wrapper { height: 100%; } by default Dogfalo/materialize#3159)
eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
c167004 6.0.1
911d4db remove mkdirp dep (JS characterCounter() function uses incorrect attribute Dogfalo/materialize#3108)
30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
cfcbb2c chore: Use default Apline version from docker-node (Add option in ScrollSpy to set the vertical offset Dogfalo/materialize#3121)
886319b chore: Drop Node 10 support
c908f4f fix: Bump OSX minimum to 10.11
8ab02da fix: Remove old compiler gyp settings
3d7b9d0 chore: Add Node 16 support
4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Resource Exhaustion
🦉 NULL Pointer Dereference
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn


          fix: package.json to reduce vulnerabilities

a1e5d8a

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODESASS-1059081
- https://snyk.io/vuln/SNYK-JS-NODESASS-535497
- https://snyk.io/vuln/SNYK-JS-NODESASS-535501
- https://snyk.io/vuln/SNYK-JS-NODESASS-535503
- https://snyk.io/vuln/SNYK-JS-NODESASS-535504
- https://snyk.io/vuln/SNYK-JS-NODESASS-535505
- https://snyk.io/vuln/SNYK-JS-NODESASS-540974
- https://snyk.io/vuln/SNYK-JS-NODESASS-540982
- https://snyk.io/vuln/SNYK-JS-NODESASS-542662

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet