Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade laravel-elixir from 3.4.3 to 4.1.2 #15

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade laravel-elixir from 3.4.3 to 4.1.2 #15

wants to merge 1 commit into from
+1 −1

Conversation

RamzyVirani
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • resources/infyom/infyom-generator-templates/vuejs/js/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: laravel-elixir The new version differs by 26 commits.
  • c561390 v4.1.2
  • 762c4ed Bump gulp-phpunit - closes #392
  • 7daeedc Merge pull request #377 from ricardogobbosouza/patch
  • 0212244 Add 4.1 changelog
  • 988b7b6 Add mix.combine() task. - closes #358
  • 948abb9 fixed less, sass watching
  • fa58088 Merge pull request #374 from ricardogobbosouza/feature1
  • da3f4fe Fix doc and remove blank lines
  • ecb89be Merge pull request #366 from jnbn/master
  • 7ed051e Merge pull request #362 from n7olkachev/master
  • f2bf3df Merge pull request #353 from jonhassall/development
  • 24f89a4 Merge pull request #365 from lucasmichot/feature/master/editorconfig
  • b8c4542 browsersync support for dd function
  • 53ff92d Add a .editorconfig file to the project.
  • 4dbfa11 fixed coffee, less, sass watching
  • 338016e Enhance default behavour to strip JavaScript debugging when building with --production
  • f3591b3 Return React transformation
  • 6203744 Add test to ensure source maps are generated
  • 29731c9 Finish removing concatCSS
  • 748d2af Revert concatCSS - closes #349
  • 45fe7a4 v4.0.1
  • eb191fc Remove Vueify
  • c4bcc6c Bump Babelify version
  • 45ee160 Version 4.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

@snyk-bot
fix: resources/infyom/infyom-generator-templates/vuejs/js/package.jso…
Loading
Loading status checks…
6d566d4 
…n to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@RamzyVirani @snyk-bot