New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade hexo from 3.9.0 to 5.0.0 #28

Open

novalina26 wants to merge 1 commit into develop from snyk-fix-1c866c2f2ec23af795143c914c00ef03

Owner

novalina26 commented Nov 27, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWN-560793	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWN-597156	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Arbitrary File Read SNYK-JS-SWIGTEMPLATES-3266805	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Arbitrary Code Execution SNYK-JS-SWIGTEMPLATES-3266806	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hexo

The new version differs by 250 commits.

1489074 release: 5.0.0 (Update Launching Browsers Guide to List all Edge Browser Variants cypress-io/cypress-documentation#4423)
add6c00 chore(deps): update hexo-cli from 3.0.0 to 4.0.0 (Fix links to GitHub PRs in 9.5.2 cypress-io/cypress-documentation#4445)
8404b3c chore(deps): update hexo-front-matter from 1.0.0 to 2.0.0 (Add cy.origin command API page cypress-io/cypress-documentation#4439)
562e97e Merge pull request Update links to reflect ownership transfer cypress-io/cypress-documentation#4443 from curbengh/rexcerpt
de63ab9 fix(excerpt): stricter regex
49ff2b2 refactor(meta_generator): no longer ignore empty head (Wrong key property for Mouse-Events from a specific button cypress-io/cypress-documentation#4442)
a29d609 perf(external_link): optimized regexp (#4440)
9076422 chore(deps): update hexo-util from 2.0.0 to 2.2.0 (Bugfix: Position is not an option but an argument to click() cypress-io/cypress-documentation#4438)
12c3536 perf(tag): rendering optimization (CLOUD-538: Update GitHub Enterprise docs to remove reference to Preview cypress-io/cypress-documentation#4418)
f1eb90c perf(external_link): regexp & condition (add my cypress network exercises course cypress-io/cypress-documentation#4436)
a34a7e2 merge(CLOUD-351: Update GitHub Enterprise docs minimal repository permissions screenshot cypress-io/cypress-documentation#4420): from SukkaW/tag-error-source
3a56d29 test(benchmark): optimize for local & render post support (docs: update mount api doc for ct changes cypress-io/cypress-documentation#4428)
850ffbc refactor(external_link): migrate config during load_config (docs: Document Cypress.Commands.addAll() cypress-io/cypress-documentation#4414)
97cb698 feat(post_link): better error message for post not found (docs: update mount partial for new imports cypress-io/cypress-documentation#4426)
b8b9d4a Update test case
2a92807 post_link should throw error if no slug/post found
821ef12 feat(tag): show source of the error & beautify
064daa4 test(mocha): run tests in parallel (UDX-133-content-partials cypress-io/cypress-documentation#4374)
5b2808c merge(docs: updates to ct framework config for new ct arch cypress-io/cypress-documentation#4422): from sukkaw/test-coverage-2
0b28f80 test: improve coverage
27684d0 fix(migrator): fix help message
a8d918b test: improve coverage (docs: adding ct beta alert box to needed pages cypress-io/cypress-documentation#4421)
89b2a9a perf(titlecase): lazy require (CLOUD-539: Update GitLab Self-managed docs to remove reference to Preview cypress-io/cypress-documentation#4417)
e3baad9 merge(Docs incorrectly refer to starting server in plugins as anti-pattern cypress-io/cypress-documentation#4416): from sukkaw/lazy-require

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary File Read
🦉 More lessons are available in Snyk Learn


          fix: package.json & package-lock.json to reduce vulnerabilities

f90eb4f

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-MARKDOWN-560793
- https://snyk.io/vuln/SNYK-JS-MARKDOWN-597156
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
- https://snyk.io/vuln/SNYK-JS-SWIGTEMPLATES-3266805
- https://snyk.io/vuln/SNYK-JS-SWIGTEMPLATES-3266806
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet