Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade less from 2.7.3 to 3.0.2 #268

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade less from 2.7.3 to 3.0.2 #268

wants to merge 1 commit into from

Conversation

DanielJDufour
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 584/1000
Why? Has a fix available, CVSS 7.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: less The new version differs by 127 commits.
  • b873737 Merge pull request #3177 from Kartoffelsalat/master
  • bd2a93f chore(package): update request to 2.83.0
  • 3699921 Merge pull request #3170 from thorn0/patch-1
  • 6985541 Having `inline` and `less` imports of the same name lead to a race condition
  • 2f1386f Merge pull request #3168 from matthew-dean/master
  • 4272871 Fixes #3116 - lessc not loading plugins in 3.0
  • ba5ad9c Point badges at master branch
  • 4962988 Update CHANGELOG.md
  • 12fe0c6 Update README.md
  • 45d06b9 Merge pull request #3163 from matthew-dean/master
  • 9590b7b Add dist files
  • 0b6536b Merge branch '3.x'
  • a48c24c calc() fix - fixes #974 (partially #1880)
  • 367b46a Merge pull request #3161 from matthew-dean/3.x
  • 4508495 Remove legacy upgrade
  • 2a4a63a Update CHANGELOG.md with 3.x list
  • bb6da28 Update README.md
  • f80a021 Merge pull request #3159 from matthew-dean/3.x
  • 8b4524f Bump to 3.0.0-RC.1
  • d30e3a6 Merge pull request #3150 from anthony-redFox/3.x
  • 0b7c81c Removed install npm 2 version for appveyor. It was hotfix for old node version.
  • 5d230dd Drop node 0.10 and 0.12 and added node 9 matrix testing
  • 385da8f Update stale.yml
  • d384779 Create stale.yml

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
63606d4 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DanielJDufour @snyk-bot