Skip to content

[Snyk] Security upgrade htmlhint from 0.10.1 to 0.13.1 #23

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade htmlhint from 0.10.1 to 0.13.1 #23

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: htmlhint The new version differs by 82 commits.
  • c4a7de4 chore(release): 0.13.1 [skip ci]
  • c75cd80 ci: cleanup
  • 4e4e07b test: check line by line (#435)
  • dcd0a48 chore: update nyc ts (#434)
  • 562135c Merge branch 'develop' of https://github.com/htmlhint/HTMLHint into beta
  • 78fa94b chore: add coverage codecov (#387)
  • e28e312 chore(release): 0.13.1-beta.2 [skip ci]
  • 7e8429d fix: remove unused dependency esm (#430)
  • 526c1e3 Merge branch 'develop' into beta
  • aa5d81e chore(deps-dev): bump rollup-plugin-terser from 5.3.0 to 6.1.0 (#417)
  • a752328 chore(deps-dev): bump @ rollup/plugin-commonjs from 11.1.0 to 12.0.0 (#418)
  • 0485ac5 chore(deps-dev): bump @ rollup/plugin-node-resolve from 7.1.3 to 8.0.0 (#414)
  • 5096c1d chore(deps-dev): bump rollup from 2.10.3 to 2.12.0 (#429)
  • 000ef48 chore(deps-dev): bump lint-staged from 10.2.2 to 10.2.7 (#426)
  • 963b823 chore(deps-dev): bump mocha from 7.1.2 to 7.2.0 (#416)
  • 9af5937 refactor: simplify build and rename bin to cli (#428)
  • f92b167 Merge branch 'develop' into beta
  • 1de6ff7 chore(deps-dev): bump semantic-release from 17.0.7 to 17.0.8 (#419)
  • 14c9e79 chore(deps-dev): bump @ semantic-release/github from 7.0.6 to 7.0.7 (#415)
  • 36ab078 chore(deps-dev): bump eslint from 7.0.0 to 7.1.0 (#422)
  • cfa4918 chore: ignore formatting of CHANGELOG.md
  • 0637fad refactor: migrate to TypeScript (runtime code changes) (#423)
  • 135c9ba chore(release): 0.13.1-beta.1 [skip ci]
  • d08ec47 Merge branch 'develop' into beta

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot