Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade less from 2.7.3 to 3.12.0 #273

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade less from 2.7.3 to 3.12.0 #273

wants to merge 1 commit into from

Conversation

DanielJDufour
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: less The new version differs by 250 commits.
  • e4f7551 v3.12.0
  • 371185c v3.12.0-RC.2 (#3540)
  • d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
  • a722237 Remove lib folder from git (#3531)
  • e0f5c1a Move changelog to root (#3530)
  • f7bdce7 Duplicate dist files in root for older links (#3529)
  • 0925cf1 Test-data module (#3525)
  • 51fb02b Fixes #3504 / organizes tests (#3523)
  • efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
  • 2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
  • a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
  • e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
  • 95b9007 Update changelog
  • 6238bbc Fixes #3508 (#3509)
  • 8338366 Update README.md
  • 6313bc5 Update changelog
  • 53bf877 Remove tree caching in import manager (#3498)
  • 0f271f3 issue#3481 ignore missing debugInfo (#3482)
  • 3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
  • 0715d90 fix: Use make-dir instead of mkdirp (#3490)
  • 2634494 Properly exit calc mode after use (#3493)
  • 096dd22 Convert to auto-changelog (#3477)
  • 842386b Fixes #3469 - Include tslib dependency (#3475)
  • 1adaadb 3.11.0 (#3468)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DanielJDufour @snyk-bot